Abstract
Security vulnerabilities of modern Internet of Things (IoT) systems are unique, mainly due to the complexity and heterogeneity of the technology and data. The risks born out of these IoT systems cannot easily fit into an existing risk framework. Many cybersecurity risk assessment approaches and frameworks are deployed in many governmental and commercial organizations. Simply extending these existing frameworks to IoT systems will not address the new risks that have arisen in the IoT ecosystem. This study includes a review of popular existing cyber risk assessment methodologies and their suitability for IoT systems. National Institute of Standards and Technology, Operationally Critical Threat, Asset, and Vulnerability Evaluation, Threat Assessment & Remediation Analysis, and International Standards Organization are the four main frameworks critically analyzed in this research study. IoT risks are presented and reviewed in terms of the IoT risk category and impacted industries. IoT systems in financial technology and healthcare are dealt with in detail, given their high-risk exposure. Risk vectors for IoT and the Internet of Medical Things (IoMT) are discussed in this study. A unique risk ranking method to rank and quantify IoT risk is introduced in this study. This ranking method initiates a risk assessment approach exclusively for IoT systems by quantifying IoT risk vectors, leading to effective risk mitigation strategies and techniques. A unique computational approach to calculate the cyber risk for IoT systems with IoT-specific impact factors has been designed and explained in the context of IoMT systems.
Highlights
The IoT revolution of this millennium is a wave of technology that has impacted and empowered every industry since its initial formation in the year 1999 [1]
We present a critical analysis of cybersecurity risk assessment frameworks, their challenges, and perspectives for the future, with emphasis on industrial and healthcare sectors, the Internet of Medical Things (IoMT)
We focus mainly on National Institute of Standards and Technology (NIST), Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), International Standards Organization (ISO), and Threat Assessment & Remediation Analysis (TARA) in this article
Summary
The IoT revolution of this millennium is a wave of technology that has impacted and empowered every industry since its initial formation in the year 1999 [1]. Given the security vulnerabilities in modern IoT systems, it is important to holistically analyze cyber risk assessment frameworks, risk vectors, and risk ranking. Developing a computational approach for computing cyber risk for IoT systems is one of the goals of this research. Based on the literature review and analysis, a scientific approach to computing the cyber risk for IoT systems was designed as a part of this research, taking into consideration the IoT-specific impact factors. These factors were applied to compute the risk impact and likelihood of IoMT devices. The foundational aspects of cybersecurity risks are examined in this research through the lens of applicable theories, including Dempster-Shafer theory and cybersecurity game theory.