IoT Security: Issues, Challenges & Open Problems
Added on 2020/05/16
AI Summary
This assignment delves into the critical realm of security within the Internet of Things (IoT). It examines prevalent security issues, highlights the significant challenges posed by IoT's expanding landscape, and identifies crucial open problems that require further research and development. The analysis draws upon a range of academic sources to provide a comprehensive understanding of the multifaceted nature of IoT security.
Running head: ASSESSMENT ON INTERNET OF THINGS (IOT) RISK MANAGEMENT
Assessment on Internet of Things (IoT) Risk Management
Name of student
Name of University
Author’s Note
Executive Summary
This report helps business stakeholders understand risk management for the Internet of Things
and supports their decision-making. It assesses the risks of the technology and gives an
overview of the recommendations made for managing them. The report describes the threats,
vulnerabilities and consequences that derive from an IoT framework. It also assesses the risks
of the existing industry that has been recommended for the project, and it identifies and
discusses the key threat agents. Finally, the report provides solutions to mitigate the risks and
their impact on the system, together with a brief summary of a review of the protection
mechanisms employed for website security.
Table of Contents
Introduction
Threats of IoT
Vulnerability of IoT
Consequences
Literature review
Recommendation
Conclusion
References
Introduction
The purpose of this report is to provide an overview of the process involved in
performing a threat and risk assessment. The objective of the assessment on Internet of Things
(IoT) Risk Management is to provide recommendations that increase availability,
confidentiality and integrity while still providing usability and functionality. A threat and
risk assessment can be performed with internal or external resources; which to use depends on
the situation at the time. The scope of this report is to identify the sensitivity of, and protect
against the risks to, the systems and applications included in the assessment. The scope also
indicates whether the analysis takes the internal perspective, the external perspective, or
both. The vulnerabilities and threats for the specific systems and services have been identified
from various sources. The report identifies and analyzes vulnerabilities, gathers information,
and tests whether the current safeguards are sufficient in terms of availability, confidentiality
or integrity. This vulnerability analysis indicates whether the proposed safeguards are
sufficient or not. The specific vulnerabilities are graded according to the level of risk they
pose to the organization, both internally and externally. Where there are no adequate
protections, it is assumed that vulnerabilities exist.
In relation to the business environment, threats are identified as the tampering with,
interruption of or destruction of services or items of value, together with the effects they have
on the organization. The report also highlights the OWASP Internet of Things top ten security
issues faced with IoT devices and recommends countermeasures to raise awareness of such
threats. This IT risk task is intended for management, for whom a risk assessment of the
Internet of Things is provided. Moreover, written from the position of lead consultant, this
report translates the technical difficulties into risk language to facilitate effective
decision-making between business stakeholders and technologists, using the scenario provided
of Gigantic Corporation, specifically on the Internet of Things. The first and foremost thing to
consider is the cause of the risk that has arisen in the organization.
Threats of IoT
The Internet of Things is a technology that interconnects people and computers through
digitally connected things. However, for the IoT engineering team of an organization, the
Governance, Risk, and Compliance (GRC) group defines the risk management organization, and
the risk data depends uniquely on the stockholder needs (Sadiq & Governatori, 2015). For any
business, risk management is going to happen in one way or another: implicitly or explicitly,
reactively or proactively, as a box-checking exercise or competently. Threats are the
destruction, interruption or tampering of services that could conceivably happen in a system.
They are split into human and non-human elements. Human elements include financial or
accounting theft, hackers, electricians, technicians, trained IT staff, accidents, and electronic
and physical theft. Non-human elements include electrical, air (dust), viruses, plumbing,
lightning strikes, floods, heat control and fire. Recently, ransomware has been identified as the
main threat to the IoT ecosystem: having hacked the devices, it locks files and sends a
notification to pay a ransom, failing which the files remain locked (Hamidi, 2016). If a
professional is able to communicate effectively about those risks, then the risk may still exist,
may be less likely, or may negatively impact the business. The first thing to consider in a
business system is to identify the risks and understand the business; without this the system
may fail (Lee & Lee, 2015). The level of depth is a matter for the initial review, which includes
the tactical plans, strategy details, mission and vision for the risk being assessed.
Vulnerability of IoT
In a system, vulnerabilities are weaknesses in the system software or hardware, in the
policies and procedures, or in the system users that allow attackers to conduct a
Denial-of-Service attack, gain access to unauthorized data, or execute a command (Papp, Ma &
Buttyan, 2015). The two main components of an IoT system are system software and hardware.
Software vulnerabilities are found in software applications, control software and the operating
system. Hardware vulnerabilities are very difficult to identify, and even once identified they
are difficult to fix because of hardware interoperability and compatibility (Rehman, Kriebel,
Shafique & Henkel, 2014). Many organizations have difficulty effectively filtering out the false
positives from assessment applications. False positives can be mitigated once the assessment
applications are updated with stable patches and signatures. Technical vulnerabilities stem
from human weakness: people fail to understand the requirements, start a project without a
proper plan, lack resources, knowledge and skills, do not communicate properly between user
and developer, and fail to control and manage the system (Conteh & Schmick, 2016).
Consequences
Attackers attack for recompense or personal satisfaction. They may be criminals,
governments or hackers, and they have become a threat to the digital world (Kundi et al.,
2014). In search of sensitive information, they attack the network to access unencrypted data
traffic. The consequences include the following cyber-attacks:
Physical attacks: Most IoT devices operate in outdoor environments, where the risk of
physical attack is high.
Denial-of-Service attack: Because the computational resources and memory capabilities are
limited, this attack leaves the intended user unable to obtain the resources of the machine or
network.
Reconnaissance attacks: These attacks include queries for IP address information, packet
sniffers, traffic analysis and scanning of network ports.
Access attacks: An unauthorized intruder tries to gain access to devices or networks they are
not authorized to use (Jose & Malekian, 2015). This type of attack is carried out in two ways:
the first is physical access to physical devices, and the second is remote access to
IP-connected devices.
Privacy attack: Privacy in IoT has become a challenge because large volumes of information
are available through remote access mechanisms. Common privacy attacks include tracking,
data mining, password attacks, cyber espionage and eavesdropping (Jenab & Moslehpour,
2016). Through data mining, an attacker gains access to unanticipated information in certain
databases. An intruder tracks the user's location through the UID of the devices (Kim, 2017).
An intruder tries to duplicate the user's password through dictionary and brute-force attacks.
Through eavesdropping, the attacker listens to a conversation between two parties.
Cyber-crimes: Cybercrime uses smart objects and the internet to achieve material gain
through identity theft, fraud, brand theft and intellectual property theft (Broadhurst et al.,
2014).
Literature review
Protection Mechanisms Employed For Website Security
The essence of IoT is that computing devices embedded in things send and receive data over
the internet. The security issue arises because the data is exchanged over the internet. This
literature review examines the OWASP Internet of Things top ten security issues faced with
IoT devices and the countermeasures suggested for them.
1. Web interface is not secure
a) Users face security issues when interacting with the web interface built into IoT devices,
which allows attackers to gain unauthorized access to those devices (Hossain, Fotouhi &
Hasan, 2015). The resulting vulnerabilities include SQL injection, weak default credentials,
credentials exposed in network traffic, cross-site scripting, session management and account
enumeration (Mukati & Ali, 2014).
b) The following countermeasures are suggested to mitigate these threats. During initial
setup, the default usernames and passwords need to be changed. The password recovery
mechanism should be robust, so that an attacker does not obtain information indicating a valid
account (Florêncio, Herley & Van Oorschot, 2014). It is necessary to make sure that no
credentials are exposed in internal or external network traffic. Most importantly, weak
passwords should not be kept, and the account should lock out after three to five failed login
attempts.
2. Authorization or authentication is insufficient
a) When the IoT user interface relies on a poor authorization mechanism or an ineffective
authentication mechanism, a user can gain a higher level of access (Hummen et al., 2014). The
resulting vulnerabilities include poor protection of credentials, privilege escalation, lack of
role-based access control, insecure and complex password recovery, and lack of two-step
authentication.
b) The following countermeasures are suggested to mitigate these threats. Options should be
available to configure password controls and to keep strong passwords together with secure
password recovery (Bonneau et al., 2015). Where granular access control is needed, make sure
that the credentials are properly protected. Sensitive features should require
re-authentication, and two-step authentication should be implemented.
3. Network services are not secure
a) Through insecure network services, an intruder gains unauthorized access to devices and
the data associated with them. The resulting vulnerabilities include buffer overflows, ports
opened via UPnP, use of UDP services, and denial of service via fuzzing of network devices.
b) The following countermeasures are suggested to mitigate these threats. Services should not
be vulnerable to fuzzing, buffer overflow and DoS attacks, which affect all the devices and
networks. Services and network ports should not be exposed via UPnP.
4. Absence of encryption
a) An intruder makes use of the unencrypted data exchanged with IoT devices, which can
easily be sniffed and captured for later use. The resulting vulnerabilities include unencrypted
services on the internet and the local network, and poorly implemented or misconfigured
TLS/SSL.
b) The following countermeasures are suggested to mitigate these threats. Rather than using
proprietary encryption protocols, it is better to adopt standard encryption protocols such as
TLS and SSL for data in transit over the network. If TLS or SSL is not available, it is better to
use another standard encryption protocol.
5. Privacy concerns
a) Privacy concerns arise when personal data is collected without proper protection. The data
can easily be reviewed once the user activates and sets up the device. The resulting
vulnerability is the unnecessary collection of personal data.
b) The following countermeasures are suggested to mitigate these threats. Only data critical
to the functionality of the device should be collected. The data collected should be less
sensitive in nature and should be anonymized or de-identified. Personal information and
collected data should be properly protected with encryption, and only authorized persons
should be able to access the information.
6. Cloud interface is insecure
a) Security issues in the cloud interface allow an attacker to access data travelling in
unencrypted form or to exploit poor authentication controls (Rahman, Daud & Mohamad,
2016). The resulting vulnerabilities include credentials exposed in network traffic, account
enumeration and the absence of account lockout.
b) The following countermeasures are suggested to mitigate these threats. During initial
setup, the user's default username and password should be changed using a password reset
mechanism. After three to five failed login attempts, the account should lock out. Where
possible, two-step verification should be implemented, and credentials should not be revealed
on the internet.
7. Mobile interface is insecure
a) Security issues in the mobile interface are similar to those of the cloud interface: because
the authentication process is weak, an attacker can access unencrypted data. The resulting
vulnerabilities include credentials exposed in network traffic, account enumeration and the
absence of account lockout.
b) The following countermeasures are suggested to mitigate these threats. During initial
setup, the user's default username and password should be changed using a password reset
mechanism. After three to five failed login attempts, the account should lock out. Where
possible, two-step verification should be implemented, and credentials should not be revealed
on the internet.
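The credential countermeasures repeated under items 1, 6 and 7 (forced change of default credentials, lockout after three to five failed logins, and recovery that does not reveal valid accounts) can be sketched as follows. This is an added example, not code from the report; the `DeviceAuth` class, the lockout duration, the minimum password length and the sample credentials are all hypothetical.

```python
import hashlib
import hmac
import os
import time

MAX_FAILED_ATTEMPTS = 5       # the text says "three to five"; 5 is chosen here
LOCKOUT_SECONDS = 15 * 60     # assumption: the text gives no lockout duration
MIN_PASSWORD_LENGTH = 12      # assumption: stand-in for a "no weak passwords" policy
RESET_MESSAGE = "If the account exists, reset instructions have been sent."


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so stored credentials are not kept in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DeviceAuth:
    """Hypothetical credential store for a device web, cloud or mobile interface."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}        # username -> {"salt", "hash", "must_change"}
        self._failures = {}     # username -> (failed_count, locked_until)
        self.reset_outbox = []  # stand-in for an out-of-band reset channel
        # Dummy record: unknown usernames cost the same hashing work as real ones.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def provision_default(self, username: str, password: str) -> None:
        """Install the factory account; it can only be used to set a new password."""
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _hash(password, salt),
                                 "must_change": True}

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'change_password', 'invalid' or 'locked'."""
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"                 # the password is not even evaluated
        if count >= MAX_FAILED_ATTEMPTS:
            count = 0                       # the previous lockout has expired
        user = self._users.get(username)
        salt = user["salt"] if user else self._dummy_salt
        expected = user["hash"] if user else self._dummy_hash
        matches = hmac.compare_digest(_hash(password, salt), expected)
        if not (matches and user is not None):
            # Failures are counted per username whether or not it exists, so
            # 'invalid' and 'locked' reveal nothing about which accounts are real.
            # (A production store would bound or expire these entries.)
            count += 1
            until = now + LOCKOUT_SECONDS if count >= MAX_FAILED_ATTEMPTS else 0.0
            self._failures[username] = (count, until)
            return "invalid"
        self._failures.pop(username, None)
        return "change_password" if user["must_change"] else "ok"

    def change_password(self, username: str, old: str, new: str) -> bool:
        """Replace the password; rejects reuse of the old one and short passwords."""
        if self.login(username, old) not in ("ok", "change_password"):
            return False
        if new == old or len(new) < MIN_PASSWORD_LENGTH:
            return False
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _hash(new, salt),
                                 "must_change": False}
        return True

    def request_reset(self, username: str) -> str:
        """Same reply for every username, so recovery cannot enumerate accounts."""
        if username in self._users:
            self.reset_outbox.append(username)
        return RESET_MESSAGE


def demo() -> list:
    """Constructed session: default login, forced change, lockout, expiry."""
    now = [1000.0]                                  # fake clock for the demo
    auth = DeviceAuth(clock=lambda: now[0])
    auth.provision_default("admin", "admin")        # constructed factory default
    out = [auth.login("admin", "admin")]
    auth.change_password("admin", "admin", "long-unique-passphrase")
    out += [auth.login("admin", "guess") for _ in range(MAX_FAILED_ATTEMPTS)]
    out.append(auth.login("admin", "long-unique-passphrase"))   # locked out
    now[0] += LOCKOUT_SECONDS + 1
    out.append(auth.login("admin", "long-unique-passphrase"))   # lock expired
    return out


if __name__ == "__main__":
    print(demo())
```

Per-username lockout lets anyone who knows a username lock its owner out for the lockout period, so the duration is a trade-off between guessing resistance and availability.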
8. Weak security configuration
a) A weak security configuration occurs when users cannot change security controls or have only
limited control over them. It is visible when the web interface offers no options for creating
granular user permissions or for requiring a strong password (Pescatore & Shpantzer, 2014). An
attacker can then easily gain unauthorized access to the IoT device or its data. The resulting
vulnerabilities include the lack of a granular permission model, the lack of password security
options, and the absence of security monitoring and logging.
b) To protect against the threats mentioned above, the following countermeasures are suggested.
The device should be able to enable logging and notify the end user of security events, to
provide for strong passwords, and to encrypt data in transit or at rest.
9. Insecure firmware/software
a) A security weakness occurs if the device cannot be updated. The inability to update the
firmware/software creates a security issue and leaves the device unprotected (Fysarakis et al.,
2014). Furthermore, if the device has a sensitive credential exposed, it will remain exposed for
a longer period. The resulting vulnerabilities include updates fetched without encryption, update
files that are not encrypted, and sensitive information contained in the firmware.
b) To protect against the threats mentioned above, the following countermeasures are suggested.
The device should be able to update using files that are encrypted and transmitted through an
encrypted method. The update server should be secured before any update is uploaded.
10. Poor physical security
a) Physical security weaknesses occur when attackers gain access to data stored on any storage
medium through USB ports or other external ports. The resulting vulnerabilities include removal
of the storage media and access to software through USB ports.
b) To protect against the threats mentioned above, the following countermeasures are suggested.
USB ports and other external ports can be used for malicious access, so only the ports required
for the product to function should be used, and the product should be able to limit administrative
capabilities. The data storage medium should be encrypted at rest and should not be easily
removable.
Recommendation
Data collection: Data should be collected only where it is critical to the functionality of the
device.
Proper authentication: During initial setup, the default password and default username need to
be changed. Options should be available to configure password controls and to keep a strong
password, together with a secure password recovery mechanism.
Granular access control: Wherever granular access control is needed, ensure that the credentials
are properly protected.
Encryption: The device should be able to update using files that are encrypted and transmitted
through an encrypted method.
Conclusion
This report concludes that IoT threats need regular review to ensure that the protection
mechanisms are adequate. The report also discussed how threats split into human and non-human
elements, and covered recent IoT ransomware attacks. It addressed the security requirements of an
organization in terms of availability, confidentiality and integrity. It found that software
vulnerabilities have been identified in application software, control software and operating
systems, whereas hardware vulnerabilities are very difficult to identify and, even when they are
identified, difficult to fix because of hardware interoperability and compatibility. Many
organizations have difficulty effectively filtering out false positives from assessment
applications. The report described the consequences of cyber attacks that target the network in
search of sensitive information in order to access unencrypted data traffic. Finally, the last
section presented the OWASP Internet of Things top ten security issues faced by IoT devices and
suggested countermeasures for them.
References
Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2015). Passwords and the evolution
of imperfect authentication. Communications of the ACM, 58(7), 78-87.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., & Chon, S. (2014). An analysis of the
nature of groups engaged in cyber crime.
Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), 31.
Florêncio, D., Herley, C., & Van Oorschot, P. C. (2014, November). An Administrator's Guide
to Internet Password Research. In LISA (Vol. 14, pp. 35-52).
Fysarakis, K., Hatzivasilis, G., Rantos, K., Papanikolaou, A., & Manifavas, C. (2014).
Embedded Systems Security Challenges. In PECCS (pp. 255-266).
Hamidi, H. (2016). Safe Use of the Internet of Things for Privacy Enhancing. Information
Systems & Telecommunication, 145.
Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues,
challenges, and open problems in the internet of things. In Services (SERVICES), 2015
IEEE World Congress on (pp. 21-28). IEEE.
Hummen, R., Shafagh, H., Raza, S., Voigt, T., & Wehrle, K. (2014, June). Delegation-based
Authentication and Authorization for the IP-based Internet of Things. In Sensing,
Communication, and Networking (SECON), 2014 Eleventh Annual IEEE International
Conference on (pp. 284-292). IEEE.
Jenab, K., & Moslehpour, S. (2016). Cyber Security Management: A Review. Bus. Manag.
Dyn, 5(11), 16-39.
Jose, A. C., & Malekian, R. (2015). Smart home automation security. SmartCR, 5(4), 269-285.
Kim, J. H. (2017). A Survey of IoT Security: Risks, Requirements, Trends, and Key
Technologies. Journal of Industrial Integration and Management, 1750008.
Kundi, G. M., Nawaz, A., Akhtar, R., & MPhil Student, I. E. R. (2014). Digital revolution,
cyber-crimes and cyber legislation: A challenge to governments in developing
countries. Journal of Information Engineering and Applications, 4(4), 61-71.
Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and
challenges for enterprises. Business Horizons, 58(4), 431-440.
Mukati, M. A., & Ali, S. M. (2014). The vulnerability of cyber security and strategy to conquer
the potential threats on business applications. Journal of Independent Studies and
Research, 12(1), 56.
References
Bonneau, J., Herley, C., Van Oorschot, P. C., & Stajano, F. (2015). Passwords and the evolution
of imperfect authentication. Communications of the ACM, 58(7), 78-87.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B., & Chon, S. (2014). An analysis of the
nature of groups engaged in cyber crime.
Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), 31.
Florêncio, D., Herley, C., & Van Oorschot, P. C. (2014, November). An Administrator's Guide
to Internet Password Research. In LISA (Vol. 14, pp. 35-52).
Fysarakis, K., Hatzivasilis, G., Rantos, K., Papanikolaou, A., & Manifavas, C. (2014).
Embedded Systems Security Challenges. In PECCS (pp. 255-266).
Hamidi, H. (2016). Safe Use of the Internet of Things for Privacy Enhancing. Information
Systems & Telecommunication, 145.
Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues,
challenges, and open problems in the internet of things. In Services (SERVICES), 2015
IEEE World Congress on (pp. 21-28). IEEE.
Hummen, R., Shafagh, H., Raza, S., Voig, T., & Wehrle, K. (2014, June). Delegation-based
Authentication and Authorization for the IP-based Internet of Things. In Sensing,
Communication, and Networking (SECON), 2014 Eleventh Annual IEEE International
Conference on (pp. 284-292). Ieee.
Jenab, K., & Moslehpour, S. (2016). Cyber Security Management: A Review. Bus. Manag.
Dyn, 5(11), 16-39.
Jose, A. C., & Malekian, R. (2015). Smart home automation security. SmartCR, 5(4), 269-285.
Kim, J. H. (2017). A Survey of IoT Security: Risks, Requirements, Trends, and Key
Technologies. Journal of Industrial Integration and Management, 1750008.
Kundi, G. M., Nawaz, A., Akhtar, R., & MPhil Student, I. E. R. (2014). Digital revolution,
cyber-crimes and cyber legislation: A challenge to governments in developing
countries. Journal of Information Engineering and Applications, 4(4), 61-71.
Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and
challenges for enterprises. Business Horizons, 58(4), 431-440.
Mukati, M. A., & Ali, S. M. (2014). The vulnerability of cyber security and strategy to conquer
the potential threats on business applications. Journal of Independent Studies and
Research, 12(1), 56.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10ASSESSMENT ON INTERNET OF THINGS (IOT) RISK MANAGEMENT
Papp, D., Ma, Z., & Buttyan, L. (2015, July). Embedded systems security: Threats,
vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th
Annual Conference on (pp. 145-152). IEEE.
Pescatore, J., & Shpantzer, G. (2014). Securing the internet of things survey. SANS Institute,
1-22.
Rahman, A. F. A., Daud, M., & Mohamad, M. Z. (2016, March). Securing sensor to cloud
ecosystem using internet of things (iot) security framework. In Proceedings of the
International Conference on Internet of things and Cloud Computing (p. 79). ACM.
Rehman, S., Kriebel, F., Shafique, M., & Henkel, J. (2014). Reliability-driven software
transformations for unreliable hardware. IEEE Transactions on Computer-Aided Design
of Integrated Circuits and Systems, 33(11), 1597-1610.
Sadiq, S., & Governatori, G. (2015). Managing regulatory compliance in business processes.
In Handbook on Business Process Management 2 (pp. 265-288). Springer Berlin
Heidelberg.
Papp, D., Ma, Z., & Buttyan, L. (2015, July). Embedded systems security: Threats,
vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th
Annual Conference on (pp. 145-152). IEEE.
Pescatore, J., & Shpantzer, G. (2014). Securing the internet of things survey. SANS Institute, 1-
22.
Rahman, A. F. A., Daud, M., & Mohamad, M. Z. (2016, March). Securing sensor to cloud
ecosystem using internet of things (iot) security framework. In Proceedings of the
International Conference on Internet of things and Cloud Computing (p. 79). ACM.
Rehman, S., Kriebel, F., Shafique, M., & Henkel, J. (2014). Reliability-driven software
transformations for unreliable hardware. IEEE Transactions on Computer-Aided Design
of Integrated Circuits and Systems, 33(11), 1597-1610.
Sadiq, S., & Governatori, G. (2015). Managing regulatory compliance in business processes.
In Handbook on Business Process Management 2 (pp. 265-288). Springer Berlin
Heidelberg.
1 out of 11
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.