Home // International Journal On Advances in Internet Technology, volume 13, numbers 1 and 2, 2020 // View article
Authors:
Aaron Pendleton
Richard D Dill
James Okolica
Dillon Pettit
Marvin Newlin
Keywords: IoT; Mobile; Cybersecurity; Risk; ICS
Abstract:
—This paper reviews the state of the art in cyber risk management with a focus on the adaptations in methodology to account for Mobile Devices, Industrial Control Systems, and Internet of Things systems into present risk analysis framework models. Internet of Things devices present unique risks to a network due to their highly connective and physically interactive nature. This physical influence can be leveraged to access peripherals beyond the immediate scope of the network, or to gain unauthorized access to systems which would not otherwise be accessible. A 2017 Government Accountability Office report on the current state of Internet of Things device security noted a lack of dedicated policy and guidance within the United States government cybersecurity risk assessment construct and similar private sector equivalents. The purpose of this paper is to expand that work and assess additional risk models. Surveyed in this paper are 30 original frameworks designed to be implemented in enterprise networks. In this research, the comparison of frameworks is analyzed to assess each system’s ability to provide risk analysis for Internet of Things devices. The research categories are level of implementation, quantitative or qualitative scoring matrix, and support for future development. This survey demonstrates that there are few risk management frameworks currently available which attempt to incorporate both cyber-physical systems and enterprise architecture in a large scale network.
Pages: 73 to 82
Copyright: Copyright (c) to authors, 2020. Used with permission.
Publication date: June 30, 2020
Published in: journal
ISSN: 1942-2652