Abstract

PurposeInternet of Things (IoT) interconnects many heterogeneous devices to each other, collecting and processing large volumes of data for decision making without human intervention. However, the information security concern it brings has attracted quite a lot of attention, and, at this stage, the smart step would be to analyze the security issues of IoT platform and get to the state of readiness before embarking upon this attractive technology. The purpose of this paper is to address these issues.Design/methodology/approachIoT risk assessment through the application of the analytical hierarchy process (AHP), a favorite multi-criteria decision making technique, is proposed. The IoT risks are prioritized and ranked at different layers, before which a well-defined IoT risk taxonomy is defined comprising of 25 risks across six layers of the IoT model for developing control and mitigation plans for information security of IoT.FindingsPeople and processes layer, network layer and applications layer are the top three critical layers with risks like the lack of awareness, malware injection, malicious code injection, denial of service and inefficient policies for IoT practice get the highest priority and rank. Pareto analysis of the overall risk factors revealed that the top ten factors contribute to 80 percent of the risks perceived by information security experts.Research limitations/implicationsThe study focuses only on certain predefined constructs or layers of the IoT model traced from legacy studies. It is essential to re-look these constructs on a timely basis to prolong the results’ validity. The study’s empirical scope is confined only to the risk perception of select IoT experts and does not encompass a broader segment of the IoT ecosystem. Therefore, the risks assessment may not be sweeping to a bigger audience.Practical implicationsThe study implications are two-fold: one it consolidates the earlier siloed works to intensify the need for risk assessment in the IoT domain, and second the study brings yet another contextual avenue of extending the application AHP and Pareto principle combination. The paper also draws specific critical organizational interventions about IoT risks. A comprehensive approach to prioritizing and ranking IoT risks are present in this research paper.Originality/valueThe contribution of this study to the benchmarking of IoT risk assessment is two-fold. One, a comprehensive risk assessment taxonomy is proposed, and two, the risks are prioritized and ranked to give a convincing reference for the organizations while making information security plans for IoT technology.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.