Threat Modeling is a very key component of IoT Security Maturity, as stated by Industrial Internet Consortium
The Industrial Internet Consortium (www.iiconsortium.org) recently released a new IoT Security Maturity Model, building upon their Security Framework for Industrial Internet of Things from 2016.
The goal of the Security Maturity Model (SMM) is to provide a path for Internet of Things (IoT) providers to know where they need to be and how to invest in security mechanisms that meet their requirements without over-investing in unnecessary security mechanisms. It seeks to help organizations identify the appropriate approach for effective enhancement of these practices where needed. Deciding where to focus limited security resources is a challenge for most organizations given the complexity of a constantly changing security landscape.
While Threat Modeling was mentioned already in the Framework 2016, it did not have the central position it has now. It is now stated as one of the very key parts in the IoT Security Maturity. This is clearly in line with the market development we at foreseeti see generally, where automation enables threat modeling to become a vital part of the cyber security management.
The report identifies 4 different comprehensiveness levels of threat modeling. The higher levels imply automated and systematic approaches; using tools to describe the architecture of the system to automatically identify threats and possible resolutions. In the Practitioners’ Guide, numerous practical examples across industries are provided, where IIC see that the higher levels are required.
foreseeti note: when you have established your threat modeling and conducted the attack simulations, you are in an ideal position to fulfil the overall objective as stated above; providing insights and deciding where to focus limited security resources.
Read the full reports here:
Industrial Internet Consortium: IoT Security Maturity Model
Industrial Internet Consortium: Practitioners Guide:
Article by: Joakim Nydrén, CEO, foreseeti