NIST Issues IoT Risk Guidelines
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
NIST has issued a new report intended to help managers understand and manage the risks that come with Internet of Things (IoT) devices throughout their life cycles.
The 34-page report, "Considerations for Managing Internet of Things Cybersecurity one Privacy Risks," begins with basic definitions and critical issues, such as the operational difference between privacy and security. It goes on to address large management considerations, including device access and management, and the dramatic difference between the security capabilities of IT hardware and IoT systems.
NIST defines IoT risk and mitigation within a framework of three risk mitigation goals: protect device security, protect data security, and protect individuals' privacy. Within each of these goals are two to five more specific risk mitigation areas, such as vulnerability management, data protection, and information flow management.
The report provides a series of tables listing security expectations IT managers may have for conventional IT devices set against the ways in which IoT devices may be challenged in meeting those expectations.
While this report, the first in a series addressing the IoT, looks at higher level considerations, NIST says future reports will go into greater depth and detail about related issues.
Read more here.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024