Search

Nine questions to ask to decrease your cyber risk from the Internet of things

It may sound like the title of a sci-fi horror film, but the Internet of Things (IoT) is creating threats and opportunities for businesses as connected devices are increasingly brought into the workplace, according to the Global IT association ISACA.

To help its members get to grips with the potential threats from the IoT, ISACA has issued new guidance in the form of a document called “Internet of Things: Risk and Value Considerations”.

And it has issued a list of nine questions which it recommends all business leaders ask themselves:

  • How will the device be used from a business perspective, and what business value is expected?
  • What threats are anticipated, and how will they be mitigated?
  • Who will have access to the device, and how will their identities be established and proven?
  • What is the process for updating the device in the event of an attack or vulnerability?
  • Who is responsible for monitoring new attacks or vulnerabilities pertaining to the device?
  • Have risk scenarios been evaluated and compared to anticipated business value?
  • What personal information is collected, stored and/or processed by the IoT device?
  • Do the individuals whose information is being collected know that it is being collected and used, and have they given consent?
  • With whom will the data be shared?

These questions are particularly critical given that 43% of enterprises are leveraging IoT already, or have plans to do so in 2015, according to ISACA’s IT Risk/Reward Barometer survey.

Robert Stroud, International President of ISACA
Robert Stroud, International President of ISACA

“Connected devices are everywhere—from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said Robert Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Often, organizations can be using IoT without even realizing it—which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.”

ISACA’s free “Internet of Things: Risk and Value Considerations” guide was released today as a free download. The paper includes dos and don’ts for the IoT, and outlines the types of risks organisations must consider. The guide is the first in a series of IoT papers that will address security, privacy, compliance and assurance issues.

Links
Free publication: Internet of Things: Risk and Value Considerations
ISACA’s IT Risk/Reward Barometer survey

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Scroll to Top