Home // SECURWARE 2019, The Thirteenth International Conference on Emerging Security Information, Systems and Technologies // View article

Surveying the Incorporation of IoT Devices into Cybersecurity Risk Management Frameworks

Authors:
Aaron Pendleton
Dillon Pettit
Richard Dill

Keywords: IoT, RMF, cybersecurity, risk, ICS

Abstract:
This paper reviews the state of the art for incorporating Mobile Devices, Industrial Control Systems, and Internet of Things systems into present risk analysis framework models. Internet of Things devices present unique risks to a network due to their highly connective and physically interactive nature. This physical influence can be leveraged to access peripherals beyond the immediate scope of the network, or to gain unauthorized access to systems which would not otherwise be accessible. A 2017 Government Accountability Office report on the current state of Internet of Things device security noted a lack of dedicated policy and guidance within the United States government cybersecurity risk assessment construct and similar private sector equivalents. Surveyed in this paper are 28 original frameworks designed to be implemented in enterprise networks. In this research the comparison of frameworks is analyzed to assess each system's ability to provide risk analysis for Internet of Things devices. The research categories are level of implementation, quantitative or qualitative scoring matrix, and support for future development. This survey demonstrates there are few risk management frameworks currently available which attempt to incorporate both cyber-physical systems and enterprise architecture in a large scale network.

Pages: 128 to 133

Copyright: Copyright (c) IARIA, 2019

Publication date: October 27, 2019

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-746-7

Location: Nice, France

Dates: from October 27, 2019 to October 31, 2019