Creating A Security Baseline and Cybersecurity Framework for the Internet of Things Via Security Controls

Abstract

The Internet of Things (IoT) has revolutionized how we interact with the world and has become an essential ingredient for various industries for service efficiency and effectiveness. IoT is a common building block for automation tasks to help businesses enhance productivity and performance. IoT is observed anywhere and everywhere and in almost every industry. The technology that was supposed to make our lives easier brought forth a cybersecurity storm for which the world is unprepared. To mitigate this issue, these devices need a proper security baseline and cybersecurity framework to support them. This design science study proposed a framework to create a security baseline based on the foundation of security controls. The proposed framework uses the NIST SP800-53 controls as requirements for management, operational, and technical implementations. The study investigated how and which controls are selected for requirements. This approach can be used as a guideline for organizations to develop their security baseline to support and secure the IoT systems.