Information security risk assessment methods have served us well over the past two decades. They have provided a tool for organizations and governments to use in protecting themselves against pertinent risks. As the complexity, pervasiveness, and automation of technology systems increases and cyberspace matures, particularly with the Internet of Things (IoT), there is a strong argument that we will need new approaches to assess risk and build trust. The challenge with simply extending existing assessment methodologies to IoT systems is that we could be blind to new risks arising in such ecosystems. These risks could be related to the high degrees of connectivity present or the coupling of digital, cyber-physical, and social systems. This article makes the case for new methodologies to assess risk in this context that consider the dynamics and uniqueness of the IoT while maintaining the rigor of best practice in risk assessment.
[1]
Luigi Alfredo Grieco,et al.
Security, privacy and trust in Internet of Things: The road ahead
,
2015,
Comput. Networks.
[2]
Antonio Iera,et al.
The Internet of Things: A survey
,
2010,
Comput. Networks.
[3]
Sadie Creese,et al.
Smart Insiders: Exploring the Threat from Insiders Using the Internet-of-Things
,
2015,
2015 International Workshop on Secure Internet of Things (SIoT).
[4]
Mohamed Cheriet,et al.
Taxonomy of information security risk assessment (ISRA)
,
2016,
Comput. Secur..
[5]
Bashar Nuseibeh,et al.
Problem Analysis of Traditional IT-Security Risk Assessment Methods - An Experience Report from the Insurance and Auditing Domain
,
2011,
SEC.