Preprint Article Version 1 This version is not peer-reviewed

Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment

Version 1 : Received: 5 March 2019 / Approved: 6 March 2019 / Online: 6 March 2019 (11:47:04 CET)

How to cite: Radanliev, P.; De Roure, D.; R.C. Nurse, J.; Burnap, P.; Anthi, E.; Ani, U.; Maddox, L.; Santos, O.; Mantilla Montalvo, R. Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment. Preprints 2019, 2019030080 (doi: 10.20944/preprints201903.0080.v1). Radanliev, P.; De Roure, D.; R.C. Nurse, J.; Burnap, P.; Anthi, E.; Ani, U.; Maddox, L.; Santos, O.; Mantilla Montalvo, R. Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardisation of Regulations, Risk Maturity, Strategy Design and Impact Assessment. Preprints 2019, 2019030080 (doi: 10.20944/preprints201903.0080.v1).

Abstract

The Internet-of-Things (IoT) enables enterprises to obtain profits from data but triggers data protection questions and new types of cyber risk. Cyber risk regulations for the IoT however do not exist. The IoT risk is not included in the cyber security assessment standards, hence, often not visible to cyber security experts. This is concerning, because companies integrating IoT devices and services need to perform a self-assessment of its IoT cyber security posture. The outcome of such self-assessment needs to define a current and target state, prior to creating a transformation roadmap outlining tasks to achieve the stated target state. In this article, a comparative empirical analysis is performed of multiple cyber risk assessment approaches, to define a high-level potential target state for company integrating IoT devices and/or services. Defining a high-level potential target state represent is followed by a high-level transformation roadmap, describing how company can achieve their target state, based on their current state. The transformation roadmap is used to adapt IoT risk impact assessment with a Goal-Oriented Approach and the Internet of Things Micro Mart model.

Subject Areas

Internet of Things; Micro Mart model; Goal-Oriented Approach; transformation roadmap; Cyber risk regulations; empirical analysis; cyber risk self-assessment; cyber risk target state

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 0
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.