Nine questions to ask to decrease your cyber risk from the Internet of Things

It may sound like the title of a sci-fi horror film, but the Internet of Things (IoT) is creating threats and opportunities for businesses as connected devices are increasingly brought into the workplace, according to the global IT association ISACA.

To help its members get to grips with the potential threats from the IoT, ISACA has issued new guidance in the form of a document called “Internet of Things: Risk and Value Considerations”.

And it has issued a list of nine questions which it recommends all business leaders ask themselves:

  • How will the device be used from a business perspective, and what business value is expected?
  • What threats are anticipated, and how will they be mitigated?
  • Who will have access to the device, and how will their identities be established and proven?
  • What is the process for updating the device in the event of an attack or vulnerability?
  • Who is responsible for monitoring new attacks or vulnerabilities pertaining to the device?
  • Have risk scenarios been evaluated and compared to anticipated business value?
  • What personal information is collected, stored and/or processed by the IoT device?
  • Do the individuals whose information is being collected know that it is being collected and used, and have they given consent?
  • With whom will the data be shared?

These questions are particularly critical given that 43% of enterprises are leveraging IoT already, or have plans to do so in 2015, according to ISACA’s IT Risk/Reward Barometer survey.

Robert Stroud, International President of ISACA

“Connected devices are everywhere—from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said Robert Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Often, organizations can be using IoT without even realizing it—which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.”

ISACA’s “Internet of Things: Risk and Value Considerations” guide was released today as a free download. The paper includes dos and don’ts for the IoT, and outlines the types of risks organisations must consider. The guide is the first in a series of IoT papers that will address security, privacy, compliance and assurance issues.

Links
Free publication: Internet of Things: Risk and Value Considerations
ISACA’s IT Risk/Reward Barometer survey
