15 Oct Risk Assessment for the Internet of Things
We speak about our offensive game so much that we forget that we need good defense in business too, that is, effectively protecting the value we create. However, and I speak from experience, the shiny new things seem so much more important than the seemingly dull security and privacy. Well, when looked at from a risk perspective, security and privacy all of a sudden become the purview of the manager. In this episode of the IoT Business Show I speak with Paul Dant about IoT risk assessment as well as security by design, threat modeling and other topics important to the manager.
Paul is currently Chief Strategist and Managing Principal at Independent Security Evaluators, and has over twenty years of experience in security research and consulting. In practice, he specializes in building pragmatic security solutions, guiding some of the largest enterprises in the world to build effective security programs.
It seems like the pace of the technology has gotten away from us with respect to security and privacy in IoT. Or maybe it’s because our customers aren’t demanding it and feature competition is so high. In the rush to keep up with the pace of technology and its bling, we’re not properly taking inventory of the assets that are the basis of all value in IoT: our data. This introduces a high level of risk that no company can afford – just look to the film industry, which has similar assets, if you need any motivation.
Here’s What We’ll Cover in this Episode
- How in IoT the awareness of security and privacy concerns is lower even though the risks are higher than in other industries.
- How the reduction in time to market and the importance of convenience are taking our attention off security and privacy.
- Using warning labels, like those on cigarette cartons and alcohol, to generate consumer awareness around security and privacy.
- The need to gather security requirements in addition to product requirements.
- The importance of incorporating threat modeling during architecture design.
- The SLA as a risk management tool and extending it from the data center to the IoT platform.
- The design principle of economy of mechanism.
- White box versus black box security testing.