Considering ISO27001 for IoT Security Readiness - Cyber Security Blogs - Valency Networks - Best VAPT Penetration Testing Cyber Security Company - Pune Mumbai Hyderabad Delhi Bangalore Ahmedabad Kolkata India Dubai Bahrain Qatar Kuwait Singapore Australia USA UK Germany Croatia Botswana Mauritius

Author
Recent Posts

Latest posts by Prashant (see all)

Are Android Apps More Secure or iOS Apps - 26/04/2024
Is XSS Vulnerability Possible on Mobile Apps - 17/04/2024
Difference Between Privilege Escalation Attack and IDOR Attack - 04/03/2024

Manufacturing companies are heading towards IoT (Internet of Things) in a fast pace. While most of the companies are focused on automating their production processes, they seems to be losing focus from one key element – information security. This article briefs about typical challenges in IoT Security Readiness and how ISO27001 can help in the process.

Challenges in IoT security

Too many OEM devices which makes it complex to integrate those in a secure way
Too many attack vectors open up, considering complexity of the network
Multiple geographical locations
Usage of cloud technology

How ISO27001 can help?

Since ISO27001 is a risk assessment framework, it comes handy to prepare for the IoT implementation. Following 10 step program, provide a systematic approach to use the framework in a highly effective way.

Approach IoT technical design one geographical location at a time.
Segregate the design into OEM and home-grown components (software and hardware)
Layout data flow for each of the components (input and output)
Perform technical threat modelling for each component
Note down processes that bind the people with IoT devices
Perform risk assessment based on outcome of threat modelling.
Apply controls as per ISO27001 standard
Create risk mitigation and note down residual risk
Apply ISO27001 controls meant for third party vendors (including cloud service providers)
Repeat the same for other locations and supporting processes

In IoT world, the security is never 100%. It is a continuous improvement process.

Why ISO27001 Compliance?

Over years, it had been practically proven that ISO27001 controls are industry neutral, are very well defined, and hence prove effective to achieve the required information security. If the compliance framework is properly designed for a given scenario, ISO27001 ensures following in an IoT scenario.

Confidentiality of historic logs generated by IoT infrastructure
Integrity of data being input into and handled by IoT devices
Availability of entire IoT infrastructure
Privacy of Personal information being handled by IoT implementation (especially home based IoT)

Extending ISO27001
Its less known that ISO27001 also has an exclusive guideline ISO27030 for ensuring data privacy and security for IoT infrastructures. Also for modern age IoT platforms which extensively use cloud SaaS and PaaS models, there are specific security guidelines ISO27017 and ISO27018.

IoT Security Partners
For a foolproof implementation, its highly recommended to consider a partner or vendor, who is well versed with security technical designing, vulnerability assessment and IoT/SCADA technology.

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30