STAP Journal of Security Risk Management

ISSN: 3080-9444 (Online)

Cyber Risk Management in the Internet of Things: Frameworks, Models, and Best Practices

by Mohammed Almaayah; Rejwan Bin Sulaiman


Published: 2024/10/06

Abstract

This paper contributes to the ongoing discourse by identifying key risks associated with IoT devices and environments and proposing strategies to mitigate them. The study focuses on three main objectives: (1) identifying the primary security threats affecting IoT devices, (2) outlining best practices for mitigating these risks, and (3) exploring the role of cyber risk management in securing IoT ecosystems. By addressing these aspects, the paper aims to support stakeholders in implementing more robust security frameworks, ensuring confidentiality, integrity, and safety in IoT deployments. Based on an analysis of 35 previous studies, it is evident that a variety of complementary risk management frameworks and models are available to support the secure deployment and operation of IoT devices. These frameworks have been developed for both governmental and commercial use, enabling organizations to tailor their risk management strategies to specific IoT contexts. Among the reviewed studies, seven utilized the ISO framework for risk management in IoT environments, while six applied the NIST framework. Additionally, three studies implemented the OCTAVE framework to assess and mitigate risks. Notably, nine studies each employed a distinct risk management model, including ELK Stack, PDCA Cycle, Cyber Kill Chain (CKC), CSRF, CRAMM, COBIT 5, IoTSRM2, and the Cyber Value at Risk (CVaR) model. These diverse approaches highlight the growing recognition of the need for structured, adaptable, and sector-specific risk management strategies in the rapidly evolving IoT landscape.

Keywords

Internet of Things (IoT); Risk Management; ISO Framework; NIST Framework; Threats in IoT

References

  1. Atlam, H. F., Alenezi, A., Alharthi, A., Walters, R. J., & Wills, G. B. (2017). An overview of risk estimation techniques in risk-based access control for the Internet of Things. Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security (IoTBDS 2017), 254–260.
  2. Abbass, W., Bakraouy, Z., Baina, A., & Bellafkih, M. (2019). Assessing the Internet of Things security risks. Journal of Communications.
  3. Radanliev, P., De Roure, D. C., Walton, R., Van Kleek, M., & Nurse, J. R. C. (2018). Future developments in cyber risk assessment for the Internet of Things. Computers in Industry, 102, 14–22.
  4. Vashi, S., Ramani, V., Modi, J., Verma, S., & Prakash, C. (2017). Internet of Things (IoT). 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud).
  5. Abu Bakar, M. A., Roslan, N. F., & Abd Rahman, N. H. (2019). The Internet of Things in healthcare: An overview, challenges and model plan for security risks management process. Indonesian Journal of Electrical Engineering and Computer Science.
  6. Popescu, G. H., Nica, E., & Mocanu, R. (2021). Leaders’ perspectives on IoT security risk management strategies in surveyed organizations relative to IoTSRM2. Applied Sciences, 11(9206).
  7. Lee, I. J. (2020). Internet of Things (IoT) cybersecurity: Literature review and IoT cyber risk management. Future Internet, 12(157). https://doi.org/10.3390/fi12090157
  8. Kandasamy, V., Kandasamy, K., & Vasan, A. (2020). IoT cyber risk: A holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process. EURASIP Journal on Information Security.
  9. Nurse, J. R. C., Creese, S., & De Roure, D. (2017). Security risk assessment in Internet of Things systems. IT Professional, 19(5), 20–26.
  10. Salami, F. (2021). Risk management techniques on the Internet of Things. Journal of Computer Science and Information Systems, 2(5).
  11. Almousa, M., Althunibat, A., & Almalki, A. (2020). Environment-based IoT security risks and vulnerabilities management. International Conference on Computing and Information Technology, University of Tabuk, Saudi Arabia.
  12. Latifi, M., Abhari, A., & Bagheri, E. (2017). A COBIT5 framework for IoT risk management. International Journal of Computer Applications, 170(8).
  13. Ahmed, A., Shah, B., & Khan, A. (2020). Internet of Things (IoT): Vulnerabilities, security concerns and things to consider. 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT).
  14. Köylü, M., Gökalp, E., & Demir, C. (2021). Review of Internet of Things (IoT) security threats and challenges. 1st International Conference on Emerging Smart Technologies and Applications (eSmarTA).
  15. Millar, J., & Rapid, A. (2021). IoT security challenges and mitigations: An introduction.
  16. Lam, P., & Chi, H. (2016). Identity in the Internet-of-Things (IoT): New challenges and opportunities. Springer International Publishing.
  17. Efe, A., Aydin, M., & Yıldırım, H. (2018). Smart security of IoT against DDoS attacks. International Journal of Innovative Engineering Applications, 2(2), 35–43.
  18. Tandon, N., Sharma, A., & Jain, R. (2020). A study on Internet of Things (IoT) security issues and solutions. ResearchGate.
  19. Yang, Y., Wu, L., Yin, G., Li, L., & Zhao, H. (2017). A survey on security and privacy issues in Internet-of-Things. IEEE Internet of Things Journal.
  20. Shah, R., & Patel, D. (2017). Applications and challenges faced by Internet of Things – A survey. ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.
  21. Ștefan, S., Costin, A., & Bădău, D. (2020). Considerations regarding the security and safety of Internet of Things. Journal of Computer Science and Control Systems.
  22. Azrour, M., El Ouahidi, B., & El Ghazi, H. (2021). Internet of Things security: Challenges and key issues. Security and Communication Networks, 2021, Article ID 5533843.
  23. Rekha, K., Rani, K. U., & Shobha, G. (2021). Study of security issues and solutions in Internet of Things (IoT). International Conference on Nanoelectronics, Nanophotonics, Nanomaterials, Nanobioscience & Nanotechnology.
  24. Prokofiev, I., & Grinchuk, A. (2018). A method to detect Internet of Things botnets. ResearchGate.
  25. Toka, L., Cinkler, T., & Forczek, G. (2021). Securing IoT with blockchain. 6th International Conference on Smart City Applications, Karabuk University.
  26. Dilawar, M. N., et al. (2019). Blockchain: Securing Internet of Medical Things (IoMT). International Journal of Advanced Computer Science and Applications.
  27. Kokkonis, G. (2020). Securing IoT systems using the blockchain. ResearchGate.
  28. Emam, A. Z., et al. (2020). Securing IoT systems using blockchain algorithms. Communications on Applied Electronics (CAE).
  29. Haque, M. H., et al. (2021). Blockchain technology for IoT security. Turkish Journal of Computer and Mathematics Education.
  30. Dorri, A., et al. (2017). Blockchain for IoT security and privacy: The case study of a smart home.
  31. Ayed, A. B., et al. (2020). Blockchain and IoT: A proposed security framework. 17th International Conference on Information Technology–New Generations.
  32. Kumar, A., et al. (2021). A review on securing IoT with blockchain technology. Science, Technology and Development.
  33. Yeasmin, F., & Baig, Z. (2021). Permissioned blockchain: Securing industrial IoT environments. International Journal of Advanced Computer Science and Applications, 12(4).
  34. Ekanayake, E., & Premarathne, U. S. (2022). Securing IoT devices using blockchain technology: A review. ResearchGate.
  35. Sagirlar, G., Carminati, B., Ferrari, E., Shehab, M., & Lu, H. (2018). AutoBotCatcher: Blockchain-based P2P botnet detection for the Internet of Things. ResearchGate.