Report: Security of Emerging Connected Systems and IoT Devices
VerifiedAdded on 2021/04/21
|17
|3637
|141
Report
AI Summary
This report provides a comprehensive security evaluation of IoT smart home systems. It begins with an introduction to information security policy and the challenges posed by the proliferation of IoT devices. The report then delves into a detailed security evaluation, outlining the importance of risk ...
Security of Emerging Connected Systems
Student Name:
Course:
Student Name:
Course:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
Introduction...............................................................................................................................................3
Security Evaluation...................................................................................................................................4
Tests Findings............................................................................................................................................6
Key legislation relating to information security......................................................................................8
Defense-in-depth solutions........................................................................................................................8
IoT and BYOD Security Design and implementation.............................................................................9
Technological advances in network security.........................................................................................12
Conclusion................................................................................................................................................13
References................................................................................................................................................14
Introduction...............................................................................................................................................3
Security Evaluation...................................................................................................................................4
Tests Findings............................................................................................................................................6
Key legislation relating to information security......................................................................................8
Defense-in-depth solutions........................................................................................................................8
IoT and BYOD Security Design and implementation.............................................................................9
Technological advances in network security.........................................................................................12
Conclusion................................................................................................................................................13
References................................................................................................................................................14
Introduction
Information Security Policy (ISP) governs how various assets of information which include data,
human and infrastructure are protected. Information Security Policy defines a set of rules by a
given organization to all its users of network or internet handling information assets and the
users of this infrastructure ought to abide with the rules in order to ensure the security of the
digitally stored data within the allowed organization boundaries. With the current widespread of
Internet of Things, information security has become quite difficult due to increased internet
vulnerability caused by different IoT devices that are not well secured from attackers. Therefore,
IoT device manufacturers need to integrate security mechanisms into these devices and also
consider defense-in-depth mechanism which provides complimentary security mechanisms in
order to ensure a comprehensive and adaptation of IoT devices that are more secure with
incorporation of device-specific countermeasures to information attacks.
The purpose of this report therefore is to carry a thorough security evaluation on test-bed system
for IoT Smart Homes, determine the security attacks associated with the Smart homes IoT
devices given and provide ways and recommendations in which these attacks could be avoided
by the manufactures of the IoT devices. The report also evaluates various key legislation
associated with information security and how such legislations affects organization’s information
security policy. It also proposes the defense-in-depth solutions to mitigate internet security
vulnerabilities faced by organizations and provides a security design for IoT and BYOB in a
private network (Gruessner, 2015). Finally, the report highlights on some of the advanced
technologies currently in use for enhancing network security that could be implemented by the
IoT devices manufacturers.
Information Security Policy (ISP) governs how various assets of information which include data,
human and infrastructure are protected. Information Security Policy defines a set of rules by a
given organization to all its users of network or internet handling information assets and the
users of this infrastructure ought to abide with the rules in order to ensure the security of the
digitally stored data within the allowed organization boundaries. With the current widespread of
Internet of Things, information security has become quite difficult due to increased internet
vulnerability caused by different IoT devices that are not well secured from attackers. Therefore,
IoT device manufacturers need to integrate security mechanisms into these devices and also
consider defense-in-depth mechanism which provides complimentary security mechanisms in
order to ensure a comprehensive and adaptation of IoT devices that are more secure with
incorporation of device-specific countermeasures to information attacks.
The purpose of this report therefore is to carry a thorough security evaluation on test-bed system
for IoT Smart Homes, determine the security attacks associated with the Smart homes IoT
devices given and provide ways and recommendations in which these attacks could be avoided
by the manufactures of the IoT devices. The report also evaluates various key legislation
associated with information security and how such legislations affects organization’s information
security policy. It also proposes the defense-in-depth solutions to mitigate internet security
vulnerabilities faced by organizations and provides a security design for IoT and BYOB in a
private network (Gruessner, 2015). Finally, the report highlights on some of the advanced
technologies currently in use for enhancing network security that could be implemented by the
IoT devices manufacturers.
Security Evaluation
For quality information security for the IoT, identifying various risks associated with the
information infrastructure, assets and data is quite critical as this will enable the IoT (Labrien and
Labrien, 2016) device manufacturers be able to categorized relevant information with their
devices as discussed below.
Security Policy
A risk management plan for each device should be put in place. This plan will involve
identifying a security policy that ought to be put into place in order to ensure that the perceived
risks associated with the smart home devices are well managed and controlled (InfoSec
Resources, 2018). Therefore it is the responsibility of the IoT manufacturers to ensure that a
security policy that is based on the risk management strategy is in place. The security policy in
place should be aimed at “Protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction, in order to provide integrity,
confidentiality, and availability.”. Access control and information privacy policies will help in
management of risks related to Smart home IoT devices such as the thermostat and music player
(Cisco, 2018). Therefore the manufacture should consider having an information security policy
that governs how the devices are developed, tested and analyzed for any vulnerabilities.
Security Model
Having defined the security policy for each IoT device and the information system at large the
manufacturer need to develop a security model. This security model outlines how various
security policies will be implemented and enforced into information devices. The security model
For quality information security for the IoT, identifying various risks associated with the
information infrastructure, assets and data is quite critical as this will enable the IoT (Labrien and
Labrien, 2016) device manufacturers be able to categorized relevant information with their
devices as discussed below.
Security Policy
A risk management plan for each device should be put in place. This plan will involve
identifying a security policy that ought to be put into place in order to ensure that the perceived
risks associated with the smart home devices are well managed and controlled (InfoSec
Resources, 2018). Therefore it is the responsibility of the IoT manufacturers to ensure that a
security policy that is based on the risk management strategy is in place. The security policy in
place should be aimed at “Protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction, in order to provide integrity,
confidentiality, and availability.”. Access control and information privacy policies will help in
management of risks related to Smart home IoT devices such as the thermostat and music player
(Cisco, 2018). Therefore the manufacture should consider having an information security policy
that governs how the devices are developed, tested and analyzed for any vulnerabilities.
Security Model
Having defined the security policy for each IoT device and the information system at large the
manufacturer need to develop a security model. This security model outlines how various
security policies will be implemented and enforced into information devices. The security model
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
therefore acts as the IoT device security architecture that shows clearly the structure of the
security mechanism for a given device as defined.
Information Assets
This include the physical device, the information infrastructure and the data contained in the
information system. As it is the case with the Smart Home, the information system for this IoT
environment consist of a centralized MQTT server coordinating the transfer of messages sent
and received from the thermostat, music player and the dummy temperature sensor. The user of
the smart home system interacts with the database server via a web front-end application which
allows the user to store local information and device settings. Therefore, the security of this
smart home system is very crucial since any asset of this system can be a target of an attack from
outsiders. Also considering that the system operate via a network, the manufacturers should
ensure that each device is well protected as well as the whole infrastructure in order to reduce the
risk of attack.
Attackers and Threats
Identifying the kind of attackers that are likely to interfere with the information system provides
a clear understating of the kind of a threat the system is exposed to. Considering how sensitive a
smart home system is, the manufacturer of the IoT devices should provide quality systems that
keeps off spies, hackers, criminals, terrorists and use of script kiddies from access the smart
home information system as this will compromise the privacy of the home owner as well as
exposing them to danger. For example, in the case when the attacker gains access to the smart
home thermostat, the attacker could modify it thus disabling security locks, spy on the children
activities or even provide access to thugs into the house since the attacker can open the doors and
security mechanism for a given device as defined.
Information Assets
This include the physical device, the information infrastructure and the data contained in the
information system. As it is the case with the Smart Home, the information system for this IoT
environment consist of a centralized MQTT server coordinating the transfer of messages sent
and received from the thermostat, music player and the dummy temperature sensor. The user of
the smart home system interacts with the database server via a web front-end application which
allows the user to store local information and device settings. Therefore, the security of this
smart home system is very crucial since any asset of this system can be a target of an attack from
outsiders. Also considering that the system operate via a network, the manufacturers should
ensure that each device is well protected as well as the whole infrastructure in order to reduce the
risk of attack.
Attackers and Threats
Identifying the kind of attackers that are likely to interfere with the information system provides
a clear understating of the kind of a threat the system is exposed to. Considering how sensitive a
smart home system is, the manufacturer of the IoT devices should provide quality systems that
keeps off spies, hackers, criminals, terrorists and use of script kiddies from access the smart
home information system as this will compromise the privacy of the home owner as well as
exposing them to danger. For example, in the case when the attacker gains access to the smart
home thermostat, the attacker could modify it thus disabling security locks, spy on the children
activities or even provide access to thugs into the house since the attacker can open the doors and
monitor the activities remotely without the owner’s consent. Therefore identifying the kind of
attackers and threats associated with smart homes will ensure that the manufacturer implements
strong security counter measures to mitigate the threats.
Tests Findings
This provides the results obtained after carrying out a penetration test for the Smart Home IoT
application. There was a number of vulnerabilities identified during the penetration testing
activity that could compromise the confidentiality and privacy of the home owner’s information.
The vulnerabilities ranged from access control of the MQTT Server that hosted the database
server thus exposing the system to interference from the attackers which compromised the whole
information security system.
The web front-end application that gives access to the MQTT server where the database is
vulnerable to the SQL injections. The input fields where the credentials are entered are not well
validated thus making it possible for the attacker manipulate the system using SQL scripts thus
gaining access to the server. Using the SQL script below exposed the user credentials which
include the usernames and passwords.
SELECT username
FROM table
WHERE username = 'x' AND user IS NULL; --';
This is a security vulnerability as it allows attackers such as hackers to gain have unauthorized
access to the smart home IoT system thus putting the home owner at risk. This security
vulnerability could allow the attacker to access the database, modify the IoT device settings or
delete important information as well. If the attacker gains con troll of the devices such as the
attackers and threats associated with smart homes will ensure that the manufacturer implements
strong security counter measures to mitigate the threats.
Tests Findings
This provides the results obtained after carrying out a penetration test for the Smart Home IoT
application. There was a number of vulnerabilities identified during the penetration testing
activity that could compromise the confidentiality and privacy of the home owner’s information.
The vulnerabilities ranged from access control of the MQTT Server that hosted the database
server thus exposing the system to interference from the attackers which compromised the whole
information security system.
The web front-end application that gives access to the MQTT server where the database is
vulnerable to the SQL injections. The input fields where the credentials are entered are not well
validated thus making it possible for the attacker manipulate the system using SQL scripts thus
gaining access to the server. Using the SQL script below exposed the user credentials which
include the usernames and passwords.
SELECT username
FROM table
WHERE username = 'x' AND user IS NULL; --';
This is a security vulnerability as it allows attackers such as hackers to gain have unauthorized
access to the smart home IoT system thus putting the home owner at risk. This security
vulnerability could allow the attacker to access the database, modify the IoT device settings or
delete important information as well. If the attacker gains con troll of the devices such as the
thermostat, the house is no longer secure since everything that the house owner will be doing
will not be confidential nor private as it should be.
Another vulnerability found during penetration testing is the use of weak password. Generally,
the smart home owner’s password was ‘12345’ which is the default password provided by the
manufacturer and thus making it easy for attackers to crack it by using brute-force methods. This
kind of vulnerability expose the whole Smart Home IoT system to threats such as unauthorized
access and considering that this provides an administrative access, the information system is
therefore rendered unsecure and the integrity of the information contained in this system is not
guaranteed.
The Smart Home IoT network is also vulnerable to attack. The infrastructure is not well secured
with security devices such as firewalls or against interceptions from the outsiders. The
information transmitted across the smart home network is not encrypted and in case of a network
interception the attacker can be able to interprets the information easily thus interfering with the
privacy of the Smart Home information (Craig, 2015).
Also by gaining access to the system, it was possible to remotely control the thermostat and the
music player. This shows that the specific IoT security is not well structured as it allows anyone
to start and stop them remotely. The manufacturer should ensure that despite the whole system
having a secure authentication, individual devices should have their own access control
mechanism to prevent attackers from controlling them.
The smart home network was also not well segregated. This made it easy to penetrate into the
system using cross scripting site attacks. The web application, server and the database should be
will not be confidential nor private as it should be.
Another vulnerability found during penetration testing is the use of weak password. Generally,
the smart home owner’s password was ‘12345’ which is the default password provided by the
manufacturer and thus making it easy for attackers to crack it by using brute-force methods. This
kind of vulnerability expose the whole Smart Home IoT system to threats such as unauthorized
access and considering that this provides an administrative access, the information system is
therefore rendered unsecure and the integrity of the information contained in this system is not
guaranteed.
The Smart Home IoT network is also vulnerable to attack. The infrastructure is not well secured
with security devices such as firewalls or against interceptions from the outsiders. The
information transmitted across the smart home network is not encrypted and in case of a network
interception the attacker can be able to interprets the information easily thus interfering with the
privacy of the Smart Home information (Craig, 2015).
Also by gaining access to the system, it was possible to remotely control the thermostat and the
music player. This shows that the specific IoT security is not well structured as it allows anyone
to start and stop them remotely. The manufacturer should ensure that despite the whole system
having a secure authentication, individual devices should have their own access control
mechanism to prevent attackers from controlling them.
The smart home network was also not well segregated. This made it easy to penetrate into the
system using cross scripting site attacks. The web application, server and the database should be
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
well segregated and the data transferred across the network be well sanitized to keep off
attackers from interfering with the smart home system.
Key legislation relating to information security
The 1986 Electronic Communications Privacy Act enhances information security by regulating
the interception of wire, electronic, and oral communications in a network (Staff, 2012). This act
protects individual’s information from unlawful search and seizure thus ensuring that
organizations uses security mechanisms, policies and procedures that protect the privacy of
individual’s information. The privacy of customer information regulation in the US state that “it
is the responsibility of the organizations to protect the confidentiality of its customer’s
information”. Therefore, the various legislations affects how different organizations define their
information security policies. Most of these legislation ensures that organizations do not misuse
its customer’s information or provide low quality systems that are less secure, thus exposing its
customers to information risks that could negatively affect them.
With this knowledge therefore it is the responsibility of the manufacturer of the IoT devices to
ensure that the Smart Home system is secure by putting in place quality security mechanisms
that do not allow intruders from gaining access to the information system.
Defense-in-depth solutions
Defense-in-depth methodology provides multiple architecture for security techniques. The
principle of this approach is “Many Silver Bullets Are Better than one”, that is, having many
counter measures to a certain security risks is better than just having one. Therefore, for a secure
smart home system, the manufacturer should not just secure the server and leave the other
devices unsecure. The security mechanism should be implemented in multiple layers to mitigate
attackers from interfering with the smart home system.
Key legislation relating to information security
The 1986 Electronic Communications Privacy Act enhances information security by regulating
the interception of wire, electronic, and oral communications in a network (Staff, 2012). This act
protects individual’s information from unlawful search and seizure thus ensuring that
organizations uses security mechanisms, policies and procedures that protect the privacy of
individual’s information. The privacy of customer information regulation in the US state that “it
is the responsibility of the organizations to protect the confidentiality of its customer’s
information”. Therefore, the various legislations affects how different organizations define their
information security policies. Most of these legislation ensures that organizations do not misuse
its customer’s information or provide low quality systems that are less secure, thus exposing its
customers to information risks that could negatively affect them.
With this knowledge therefore it is the responsibility of the manufacturer of the IoT devices to
ensure that the Smart Home system is secure by putting in place quality security mechanisms
that do not allow intruders from gaining access to the information system.
Defense-in-depth solutions
Defense-in-depth methodology provides multiple architecture for security techniques. The
principle of this approach is “Many Silver Bullets Are Better than one”, that is, having many
counter measures to a certain security risks is better than just having one. Therefore, for a secure
smart home system, the manufacturer should not just secure the server and leave the other
devices unsecure. The security mechanism should be implemented in multiple layers to mitigate
multiple security threats at all levels of the information system infrastructure (RASHID, 2017).
A report by DHS recommended that stating “A single countermeasure cannot be depended on to
mitigate all security issues.” The report continues: “In order to effectively protect industrial
control systems from cyber-attacks, multiple countermeasures are needed that will disseminate
risk over an aggregate of security mitigation techniques”.
Therefore, the manufacturer pf the Smart Home IoT devices should implement physical device
or hardware security and software security. The client server architecture in place for the smart
home should as well be secured. This can be made by ensuring that the information transmitted
across the smart home network is encrypted and that the server where the database is located is
also secured. There should be input validation for the web front-end application for the users to
protect the system against SQL injections and the application should not allow execution of cross
site script. All these solutions should be put in place to ensure that the information system is
secure across all its levels.
IoT and BYOD Security Design and implementation
To understand more of IoT solution, the information system is divided into different layers as
show in the diagram below.
A report by DHS recommended that stating “A single countermeasure cannot be depended on to
mitigate all security issues.” The report continues: “In order to effectively protect industrial
control systems from cyber-attacks, multiple countermeasures are needed that will disseminate
risk over an aggregate of security mitigation techniques”.
Therefore, the manufacturer pf the Smart Home IoT devices should implement physical device
or hardware security and software security. The client server architecture in place for the smart
home should as well be secured. This can be made by ensuring that the information transmitted
across the smart home network is encrypted and that the server where the database is located is
also secured. There should be input validation for the web front-end application for the users to
protect the system against SQL injections and the application should not allow execution of cross
site script. All these solutions should be put in place to ensure that the information system is
secure across all its levels.
IoT and BYOD Security Design and implementation
To understand more of IoT solution, the information system is divided into different layers as
show in the diagram below.
Embedded Systems Layer
This layer consist of sensors, embedded systems and actuators. For this case the thermostat and
the music player belong to this layer and are interconnected together in a Smart Home via
network. These devices can be configured and controlled remotely via the internet and thus their
security is very critical in ensuring that the IoT system enhances individual’s information
protection (Harrison, 2015). Therefore, there should be proper security methods to ensure the
authenticity of the information or data, the transmission media and the network authentication
details between the initial installation and configuration of the IoT device and when the device
has been fully integrated into the IoT infrastructure.
Multi-Service Edge Layer
This layer consist of sensors, embedded systems and actuators. For this case the thermostat and
the music player belong to this layer and are interconnected together in a Smart Home via
network. These devices can be configured and controlled remotely via the internet and thus their
security is very critical in ensuring that the IoT system enhances individual’s information
protection (Harrison, 2015). Therefore, there should be proper security methods to ensure the
authenticity of the information or data, the transmission media and the network authentication
details between the initial installation and configuration of the IoT device and when the device
has been fully integrated into the IoT infrastructure.
Multi-Service Edge Layer
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
This is the IoT layer that supports various connectivity protocols such as the Zigbee, IEEE
802.11, 3G and 4G to accommodate the IoT end devices. This layer supports connectivity both
wired and wireless between different endpoints and in most cases the end points protocols do not
have security capabilities thus rendering the system vulnerable. Therefore, in this layer there
should be security services that protects insecure endpoints
Core Network Layer
This layer provides a medium to transmit data via internet between various subnetworks. This
layer faces threats such as:
Man-in-the-middle (MITM) – this is where an attacker successfully make connections
between endpoints and intercept the transmission of information in the network and
interfering with the flow of the information.
Impersonation (spoofing) – an unauthorized person with access to the system can transmit
malicious traffic to various IoT endpoints on the network.
Confidentiality Interference- This can be compromised if the attacker gain access to the
network and interferes with the information being transmitted.
With this threats, the Security services at this layer should be well defined in order to ensure that
the IoT system as a whole is well secured and protected against the above threats.
Data Center or Cloud Layer
802.11, 3G and 4G to accommodate the IoT end devices. This layer supports connectivity both
wired and wireless between different endpoints and in most cases the end points protocols do not
have security capabilities thus rendering the system vulnerable. Therefore, in this layer there
should be security services that protects insecure endpoints
Core Network Layer
This layer provides a medium to transmit data via internet between various subnetworks. This
layer faces threats such as:
Man-in-the-middle (MITM) – this is where an attacker successfully make connections
between endpoints and intercept the transmission of information in the network and
interfering with the flow of the information.
Impersonation (spoofing) – an unauthorized person with access to the system can transmit
malicious traffic to various IoT endpoints on the network.
Confidentiality Interference- This can be compromised if the attacker gain access to the
network and interferes with the information being transmitted.
With this threats, the Security services at this layer should be well defined in order to ensure that
the IoT system as a whole is well secured and protected against the above threats.
Data Center or Cloud Layer
This layer consist of servers where databases and applications are hosted and all the endpoints
communicates with this layer via the internet. This layer is the backbone of the the entire IoT
(Smart Home) system and security services are very critical in ensuring that the system is
protected against denial of services (DoS), interceptions and hacking. Cryptography mechanisms
and strong access control for authentication security services should be used in this layer to
enhance the security of the entire IoT system
Technological advances in network security
Authentication Technologies
The Term authentication technology is explained as a process that is concerned with the
involvement of many methods that compares all credentials that are given by the user against
those currently in the database file of any user who is authorized or even in situations where the
data present in the servers are authenticated. Its main reason is determining if the user is
permitted to access any file and also keeping control over who is allowed to access the network
or system applications in an organization. Authentication technologies provide a good platform
in which users who access various part of the organization’s system are known and their
activities. With proper network authentication technology it is possible to keep off intruders and
ensure that the system is only accessed by authorized persons.
There are various advance network authentication technologies that are mostly applied and by
AAA, these include; Smart Card authentication and biometric authentication technologies. These
technologies are discussed in the section below.
Smart Card Authentication Technology
This is the use of a small electronic chip which holds user’s information used to identify and
authenticate him/her before gaining access to the network system. Before one logs into the
communicates with this layer via the internet. This layer is the backbone of the the entire IoT
(Smart Home) system and security services are very critical in ensuring that the system is
protected against denial of services (DoS), interceptions and hacking. Cryptography mechanisms
and strong access control for authentication security services should be used in this layer to
enhance the security of the entire IoT system
Technological advances in network security
Authentication Technologies
The Term authentication technology is explained as a process that is concerned with the
involvement of many methods that compares all credentials that are given by the user against
those currently in the database file of any user who is authorized or even in situations where the
data present in the servers are authenticated. Its main reason is determining if the user is
permitted to access any file and also keeping control over who is allowed to access the network
or system applications in an organization. Authentication technologies provide a good platform
in which users who access various part of the organization’s system are known and their
activities. With proper network authentication technology it is possible to keep off intruders and
ensure that the system is only accessed by authorized persons.
There are various advance network authentication technologies that are mostly applied and by
AAA, these include; Smart Card authentication and biometric authentication technologies. These
technologies are discussed in the section below.
Smart Card Authentication Technology
This is the use of a small electronic chip which holds user’s information used to identify and
authenticate him/her before gaining access to the network system. Before one logs into the
system, one is required to insert the card into a card reader and enter his/her personal
identification number (PIN) which is verified and if that person’s details are okay, then one is
given access into the system. Smart cards based authentication technology uses cryptography
authentication method thus making it more secure since the owner of the card has to be there
physically to perform the process before authorization is granted.
Biometric Authentication
This involve the use of biological parts patterns such as fingerprints, iris, voice and retinal. These
particular biological parts are unique to each person and the probability of having two or more
people with the same patterns is very minimal thus this technology can be used to positively
identify a person. From the above named technologies, biometric authentication is one of the
most secure way of protecting unauthorized persons from gaining access to the network system
as it is hard for anyone to falsify such parts.
Conclusion
To help secure the IoT and reduce barriers to adoption, IoT security design should start with
traditional cybersecurity techniques, adapt them to the unique aspects of IoT devices and
environments, and finally incorporate additional defense mechanisms to defend against the
increasingly broad range and vulnerable nature of IoT devices. Following standard security
processes can ensure a thorough review of areas of concern, which can then be followed by
leveraging advanced cybersecurity and device-specific techniques, including a layered, defense-
in-depth approach to security .By properly designing security into IoT devices, financial damage,
reputational damage, and potential risk to human life can be avoided.
identification number (PIN) which is verified and if that person’s details are okay, then one is
given access into the system. Smart cards based authentication technology uses cryptography
authentication method thus making it more secure since the owner of the card has to be there
physically to perform the process before authorization is granted.
Biometric Authentication
This involve the use of biological parts patterns such as fingerprints, iris, voice and retinal. These
particular biological parts are unique to each person and the probability of having two or more
people with the same patterns is very minimal thus this technology can be used to positively
identify a person. From the above named technologies, biometric authentication is one of the
most secure way of protecting unauthorized persons from gaining access to the network system
as it is hard for anyone to falsify such parts.
Conclusion
To help secure the IoT and reduce barriers to adoption, IoT security design should start with
traditional cybersecurity techniques, adapt them to the unique aspects of IoT devices and
environments, and finally incorporate additional defense mechanisms to defend against the
increasingly broad range and vulnerable nature of IoT devices. Following standard security
processes can ensure a thorough review of areas of concern, which can then be followed by
leveraging advanced cybersecurity and device-specific techniques, including a layered, defense-
in-depth approach to security .By properly designing security into IoT devices, financial damage,
reputational damage, and potential risk to human life can be avoided.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
References
Administration and Finance. (2018). Information Security Policy. [online] Available at:
http://www.mass.gov/anf/research-and-tech/cyber-security/security-for-state-employees/
security-policies-and-standards/information-security-policy.html [Accessed 22 Apr. 2018].
Bristol.ac.uk. (2016). [online] Available at:
http://www.bristol.ac.uk/media-library/sites/infosec/documents/guide.pdf [Accessed 22 Apr.
2018].
Cengage.com. (2018). [online] Available at:
http://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf [Accessed
22 Apr. 2018].
Cisco. (2018). BYOD Smart Solution Implementation. [online] Available at:
https://www.cisco.com/c/en/us/solutions/byod-smart-solution/implementation.html
[Accessed 22 Apr. 2018].
Cisco. (2018). Securing the Internet of Things: A Proposed Framework. [online] Available at:
https://www.cisco.com/c/en/us/about/security-center/secure-iot-proposed-framework.html
[Accessed 22 Apr. 2018].
Craig, C. (2015). Smart home or dumb security risk?. [online] InfoWorld. Available at:
https://www.infoworld.com/article/2893600/mobile-technology/smart-home-or-dumb-
security-risk.html [Accessed 22 Apr. 2018].
Dickson, B. (2016). Why do we need to take IoT security more seriously?. [online] TechTalks.
Available at: https://bdtechtalks.com/2016/04/20/why-do-we-need-to-take-iot-security-
more-seriously/ [Accessed 22 Apr. 2018].
Administration and Finance. (2018). Information Security Policy. [online] Available at:
http://www.mass.gov/anf/research-and-tech/cyber-security/security-for-state-employees/
security-policies-and-standards/information-security-policy.html [Accessed 22 Apr. 2018].
Bristol.ac.uk. (2016). [online] Available at:
http://www.bristol.ac.uk/media-library/sites/infosec/documents/guide.pdf [Accessed 22 Apr.
2018].
Cengage.com. (2018). [online] Available at:
http://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf [Accessed
22 Apr. 2018].
Cisco. (2018). BYOD Smart Solution Implementation. [online] Available at:
https://www.cisco.com/c/en/us/solutions/byod-smart-solution/implementation.html
[Accessed 22 Apr. 2018].
Cisco. (2018). Securing the Internet of Things: A Proposed Framework. [online] Available at:
https://www.cisco.com/c/en/us/about/security-center/secure-iot-proposed-framework.html
[Accessed 22 Apr. 2018].
Craig, C. (2015). Smart home or dumb security risk?. [online] InfoWorld. Available at:
https://www.infoworld.com/article/2893600/mobile-technology/smart-home-or-dumb-
security-risk.html [Accessed 22 Apr. 2018].
Dickson, B. (2016). Why do we need to take IoT security more seriously?. [online] TechTalks.
Available at: https://bdtechtalks.com/2016/04/20/why-do-we-need-to-take-iot-security-
more-seriously/ [Accessed 22 Apr. 2018].
Gruessner, V. (2015). How BYOD Implementation Impacts Healthcare Security. [online]
mHealthIntelligence. Available at: https://mhealthintelligence.com/news/how-byod-
implementation-impacts-healthcare-security [Accessed 22 Apr. 2018].
Harrison, M. (2015). 5 tips for implementing IoT security — Secure360. [online] Secure360.org.
Available at: https://secure360.org/2016/10/5-tips-for-implementing-iot-security/ [Accessed
22 Apr. 2018].
InfoSec Resources. (2018). Key Elements of an Information Security Policy. [online] Available
at: http://resources.infosecinstitute.com/key-elements-information-security-policy/
[Accessed 22 Apr. 2018].
Labrien, D. and Labrien, D. (2016). Smart Homes: What Are the Security Risks?. [online]
TechCo. Available at: https://tech.co/smart-homes-security-risks-2016-05 [Accessed 22
Apr. 2018].
Meola, A. (2016). How IoT & smart home automation will change the way we live. [online]
Business Insider. Available at: http://www.businessinsider.com/internet-of-things-smart-
home-automation-2016-8?IR=T [Accessed 22 Apr. 2018].
PRICE, M. (2018). How dangerous is the internet of things? The CPSC wants to hear from you.
[online] CNET. Available at: https://www.cnet.com/news/us-consumer-product-safety-
commission-iot-public-hearing-security/ [Accessed 22 Apr. 2018].
RASHID, F. (2017). How to Secure Your (Easily Hackable) Smart Home. [online] Tom's Guide.
Available at: https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html
[Accessed 22 Apr. 2018].
mHealthIntelligence. Available at: https://mhealthintelligence.com/news/how-byod-
implementation-impacts-healthcare-security [Accessed 22 Apr. 2018].
Harrison, M. (2015). 5 tips for implementing IoT security — Secure360. [online] Secure360.org.
Available at: https://secure360.org/2016/10/5-tips-for-implementing-iot-security/ [Accessed
22 Apr. 2018].
InfoSec Resources. (2018). Key Elements of an Information Security Policy. [online] Available
at: http://resources.infosecinstitute.com/key-elements-information-security-policy/
[Accessed 22 Apr. 2018].
Labrien, D. and Labrien, D. (2016). Smart Homes: What Are the Security Risks?. [online]
TechCo. Available at: https://tech.co/smart-homes-security-risks-2016-05 [Accessed 22
Apr. 2018].
Meola, A. (2016). How IoT & smart home automation will change the way we live. [online]
Business Insider. Available at: http://www.businessinsider.com/internet-of-things-smart-
home-automation-2016-8?IR=T [Accessed 22 Apr. 2018].
PRICE, M. (2018). How dangerous is the internet of things? The CPSC wants to hear from you.
[online] CNET. Available at: https://www.cnet.com/news/us-consumer-product-safety-
commission-iot-public-hearing-security/ [Accessed 22 Apr. 2018].
RASHID, F. (2017). How to Secure Your (Easily Hackable) Smart Home. [online] Tom's Guide.
Available at: https://www.tomsguide.com/us/secure-smart-home-how-to,news-19380.html
[Accessed 22 Apr. 2018].
Staff, C. (2012). The security laws, regulations and guidelines directory. [online] CSO Online.
Available at: https://www.csoonline.com/article/2126072/compliance/compliance-the-
security-laws-regulations-and-guidelines-directory.html [Accessed 22 Apr. 2018].
Cstl.com. (2018). [online] Available at: https://www.cstl.com/CST/Penetration-Test/CST-Web-
Application-Testing-Report.pdf [Accessed 22 Apr. 2018].
England.nhs.uk. (2016). [online] Available at:
https://www.england.nhs.uk/wp-content/uploads/2016/12/information-security-policy-v3-
1.pdf [Accessed 22 Apr. 2018].
Events.windriver.com. (2016). [online] Available at:
http://events.windriver.com/wrcd01/wrcm/2016/10/IoT-Security-Is-More-Challenging-
Than-Cybersecurity-White-Paper-2.pdf [Accessed 22 Apr. 2018].
Information Security Forum. (2018). Critical Information Asset Management and Protection -
Information Security Forum. [online] Available at:
https://www.securityforum.org/consultancy/critical-informat-and-protection/ [Accessed 22
Apr. 2018].
Sans.org. (2018). [online] Available at:
https://www.sans.org/reading-room/whitepapers/testing/writing-penetration-testing-report-
33343 [Accessed 22 Apr. 2018].
Worldpay.com. (2018). [online] Available at:
http://www.worldpay.com/sites/default/files/WPUK-SaferPayments-Information-Security-
Policy.pdf [Accessed 22 Apr. 2018].
Available at: https://www.csoonline.com/article/2126072/compliance/compliance-the-
security-laws-regulations-and-guidelines-directory.html [Accessed 22 Apr. 2018].
Cstl.com. (2018). [online] Available at: https://www.cstl.com/CST/Penetration-Test/CST-Web-
Application-Testing-Report.pdf [Accessed 22 Apr. 2018].
England.nhs.uk. (2016). [online] Available at:
https://www.england.nhs.uk/wp-content/uploads/2016/12/information-security-policy-v3-
1.pdf [Accessed 22 Apr. 2018].
Events.windriver.com. (2016). [online] Available at:
http://events.windriver.com/wrcd01/wrcm/2016/10/IoT-Security-Is-More-Challenging-
Than-Cybersecurity-White-Paper-2.pdf [Accessed 22 Apr. 2018].
Information Security Forum. (2018). Critical Information Asset Management and Protection -
Information Security Forum. [online] Available at:
https://www.securityforum.org/consultancy/critical-informat-and-protection/ [Accessed 22
Apr. 2018].
Sans.org. (2018). [online] Available at:
https://www.sans.org/reading-room/whitepapers/testing/writing-penetration-testing-report-
33343 [Accessed 22 Apr. 2018].
Worldpay.com. (2018). [online] Available at:
http://www.worldpay.com/sites/default/files/WPUK-SaferPayments-Information-Security-
Policy.pdf [Accessed 22 Apr. 2018].
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1 out of 17
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.