A Systematic Review of Information Security Frameworks in the Internet of Things (IoT)

Abstract

By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. Internet of things has gained extensive attention, the deployment of sensors, actuators are increasing at a rapid pace around the world. There is tremendous scope for more streamlined living through an increase of smart services, but this coincides with an increase in security and privacy concerns. There is a need to perform a systematic review of Information security governance frameworks in the Internet of things (IoT). Objective – The aim of this paper to evaluate systematic review of information security management frameworks which are related to the Internet of things (IoT). It will also discuss different information security frameworks that cover IoT models and deployments across different verticals. These frameworks are classified according to the area of the framework, the security executives and senior management of any enterprise that plans to start using smart services needs to define a clear governance strategy concerning the security of their assets, this system review will help them to make a better decision for their investment for secure IoT deployments. Method – A set of standard criteria has been established to analyze which security framework will be the best fit among these classified security structures in particularly for Internet of Things (IoT). The first step to evaluate security framework by using standard criteria methodology is to identify resources, the security framework for IoT is selected to be assessed according to CCS. The second step is to develop a set of Security Targets (ST). The ST is the set of criteria to apply for the target of evaluation (TOE). The third step is data extraction, fourth step data synthesis, and final step is to write-up study as a report. Conclusion– After reviewing four information security risk frameworks, this study makes some suggestions related to information security risk governance in Internet of Things (IoT). The organizations that have decided to move to smart devices have to define the benefits and risks and deployment processes to manage security risk. The information security risk policies should comply with an organization's IT policies and standards to protect the confidentiality, integrity and availability of information security. The study observes some of the main processes that are needed to manage security risks. Moreover, the paper also drew attention on some suggestions that may assist companies which are associated with the information security framework in Internet of things (IoT).