Organization: IoTiap
Reference: Principles, Practices and a Prescription for Responsible IoT and Embedded Systems Development
Published on: 2 December 2016
This document addresses security challenges related to the Internet of Things (IoT). As a working paper, it outlines ideas and approaches to improve the situation.

Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Cyber security and resilience for Smart Hospitals
Published on: 24 November 2016
This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation, the report describes the Smart Hospital ecosystem and its specific objectives. Based on the analysis of documents and empirical data, and the detailed examination of attack scenarios found to be particularly relevant for smart hospitals, this document identifies mitigation techniques...

Organization: Broadband Internet Technical Advisory Group (BITAG)
Reference: Internet of Things (IoT) Security and Privacy Recommendations
Published on: 22 November 2016
Report on the technical aspects of Internet of Things (IoT) security and privacy, outlining a number of observations and recommendations.

Organization: National Institute of Standards and Technology, U.S. Department of Commerce (NIST)
Reference: Systems Security Engineering – NIST SP 800-160
Published on: November 2016
NIST issued the final draft of the new guidance Special Publication 800-160 “Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems”. The guidance is intended to help determine the security of IoT devices and assign a level of trustworthiness to each. From the publication abstract: With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical...

Organization: Department of Homeland Security (DHS)
Reference: Strategic Principles For Securing The Internet Of Things
Published on: 15 November 2016
The US Department of Homeland Security (DHS) issued a set of “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0.” These principles highlight approaches and suggested practices to fortify the security of the IoT and will equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems. The purpose of these principles is to provide stakeholders with tools to comprehensively account for security as they develop, manufacture, implement, or use network-connected devices. It...

Organization: Cloud Security Alliance (CSA)
Reference: Future Proofing the Connected World – 13 Steps to Developing Secure IoT Products
Published on: 7 October 2016
80-page guidance on the development of secure IoT products, released by the IoT Working Group of CSA.

Organization: Industrial Internet Consortium (IIC)
Reference: Industrial Internet Security Framework (IISF)
Published on: 26 September 2016
The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173-page) security framework outlining a number of best practices.

Organization: Automotive Information Sharing and Analysis Center (Auto-ISAC)
Reference: Automotive Cybersecurity Best Practices
Published on: 21 July 2016
The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties.

Organization: National Institute of Standards and Technology (NIST)
Reference: SP800-183 Network of 'Things'
Published on: July 2016
SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). By having an understanding as to what IoT represents, building IoT-based systems and researching security and reliability concerns of IoT can be accelerated. SP 800-183 is targeted at computer scientists, IT managers, networking specialists, and networking and cloud computing software...

Organization: AT&T
Reference: The CEO's Guide to Securing the Internet of Things
Published on: 2016
The document provides a strategic framework for securing the IoT, crafted from the work AT&T is doing with customers across many industries — as well as with their own IoT deployments.

Organization: Open Web Application Security Project (OWASP)
Reference: Principles of IoT Security
Published on: 14 May 2016
16 high-level principles of IoT security.

Organization: Platform Industrie 4.0
Reference: Technical Overview: Secure Identities
Published on: April 2016
The aim of this paper is to provide an overview of the security challenges, requirements and approaches for secure identities in Industrie 4.0 environments. This document outlines the additional efforts that will be necessary to ensure the use of sufficiently secure identity features for Industrie 4.0. This document is directed at decision-makers and users in the Industrie 4.0 context. Examples of the framework conditions to be complied with, secure identities, guiding principles, and knowledge and insights that have been gained regarding security are outlined here for this...

Organization: Platform Industrie 4.0
Reference: IT Security in Industrie 4.0
Published on: April 2016
The essential prerequisite for a successful implementation of Industrie 4.0 is a secure and trustworthy treatment of data and a reliable protection of inter-company communication from external attacks. The guideline gives an insight into the subject.

Organization: I Am The Cavalry
Reference: Hippocratic Oath for Connected Medical Devices
Published on: 19 January 2016
High-level principles for connected medical devices.

Organization: European Union Agency for Network and Information Security (ENISA)
Reference: Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations
Published on: 25 December 2015
This study aims at securing Smart Home Environments from cyber threats by highlighting good practices that apply to every step of a product lifecycle: its development, its integration in Smart Home Environments, and its usage and maintenance until end-of-life. The study also highlights the applicability of the security measures to different types of devices. The good practices apply to manufacturers, vendors, solution providers for hardware and software, and developers.