Abstract

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture, this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis of 12 cyber risk assessment approaches is performed. The results and the main findings from the analysis are presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies goal-oriented dependency modelling as the dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture.

Highlights

  • This study is focused on standardising the Internet of Things (IoT) risk assessments (Das et al 2019; Miaoui and Boudriga 2019; Burnap et al 2017; Radanliev et al 2020a; Schatz and Bashroush 2017)

  • The aim of the study is to identify a model that enables building dynamic confidence intervals and time bound ranges with real-time data and to address two objectives: First, to identify and capture a target state for cyber risk assessment for the IoT and to adapt a transformation roadmap for existing cyber risk assessments and standards to include IoT risk

  • Four methodologies have been adapted for IoT risk analysis; those include (a) Risk analysis through functional dependency; (b) risk network-based linear dependency modelling; (c) risk impact assessment with a goal-oriented approach; and (d) integration of the goal-oriented approach with the IoT Micro Mort (IoTMM) model (Radanliev et al 2018)


Summary

Introduction

This study is focused on standardising the Internet of Things (IoT) risk assessments (Das et al 2019; Miaoui and Boudriga 2019; Burnap et al 2017; Radanliev et al 2020a; Schatz and Bashroush 2017). The contribution of the study is a new goal-oriented dependency model, with the ability to perform dynamic real-time predictive intelligence on threat frequency and the magnitude of loss. The risk quantification is followed by a Goal-Oriented Approach for cyber risk impact assessment through Network-based Linear Dependency Modelling. These are discussed and expanded further in the remainder of this article. We wanted to review and analyse all the literature on this topic, through a qualitative literature review and case study of the related risk assessment approaches and compare the qualitative analysis
