Organization: NCC Group
Published on: 8 April 2014
The paper takes the reader through a typical IoT product development life-cycle and associated business discussions highlighting the security and privacy impacting areas and decisions that should be considered, why they should be and the potential ramifications if not. In addition for those less experienced in secure hardware and software development lifecycles we also provide a matter of fact look at some of the challenges along the way. At a high-level the paper covers in its 35 or so pages the following:
- Why: security and privacy matter in the IoT.
- Trade-offs: between security and cost.
- Foundations: for security in the IoT and the associated threat Landscape.
- High-level considerations: before designing or developing an IoT product.
- Practical steps: for threat modelling and risks assessments of product requirements, features and design.
- Product lifecycle steps and security: at all stages in the lifecycle including concept, design & architecture, implementation, verification and sustainment.