If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems
This paper addresses security risks for IoT adopters in corporate environments, but its contribution is incremental, as it focuses on identifying challenges rather than proposing solutions.
The paper investigates the need for new security risk assessment methods for Internet of Things (IoT) systems by conducting workshops and interviews with industry professionals, identifying concerns in IoT adoption and challenges in cyber-risk assessment.
Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increase, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.