GSMA IoT Security Assessment
Organization: GSMA Reference: IoT Security Assessment Published on: October 2017 The GSMA IoT Security Assessment provides a flexible framework that addresses the diversity of the IoT market, enabling companies to build secure IoT devices and solutions as laid out in the GSMA IoT Security Guidelines, a comprehensive set of best practices promoting the secure end-to-end design, development and deployment of IoT solutions.
NCC-Security-of-Things
Organization: NCC Group Reference: Security of Things: An Implementers Guide to Cyber Security for Internet of Things devices and beyond Published on: 8 April 2014 The paper takes the reader through a typical IoT product development life-cycle and associated business discussions highlighting the security and privacy impacting areas and decisions that should be considered, why they should be and the potential ramifications if not. In addition for those less experienced in secure hardware and software development lifecycles we also provide a matter of fact look at some of the challenges along the way. At a high-level the paper covers in its 35...
OWASP-–-Principles-of-IoT-Security
Organization: Open Web Application Security Project (OWASP) Reference: Principles of IoT Security Published on: 14 May 2016 16 high-level principles of IoT security.
IoTSF-Establishing-Principles-for-Internet-of-Things-Security
Organization: IoT Security Foundation (IoTSF) Reference: Establishing Principles for Internet of Things Security Published on: 22 September 2015 High-level IoT security principles (16-pages)
AIOTI-High-Level-Architecture-Functional-Model
Organization: Alliance for Internet of Things Innovation (AIOTI) Reference: High Level Architecture Functional Model Release 2.1 Published on: September 2016 AIOTI WG3 has developed a High Level Architecture (HLA) for IoT. This document provides an initial proposal for a high-level IoT architecture. This document: Introduces the use of ISO/IEC/IEEE 42010 by AIOTI WG3 Presents a Domain Model and discusses the “thing” in IoT Presents a Functional Model Links this work with the AIOTI WG3 Semantic Interoperability work and the SDO Landscape work
IIC-–-Industrial-Internet-Security-Framework-IISF
Organization: Industrial Internet Consortium (IIC) Reference: Industrial Internet Security Framework (IISF) Published on: 26 September 2016 The Industrial Internet Security Framework (IISF) is a cross-industry-focused, comprehensive (173-pages) security framework outlining number of best practices.
Microsoft-Internet-of-Things-security-best-practices
Organization: Microsoft Reference: Internet of Things security best practices Published on: 3 July 2017 To secure an Internet of Things (IoT) infrastructure requires a rigorous security-in-depth strategy. This strategy requires you to secure data in the cloud, protect data integrity while in transit over the public internet, and securely provision devices. Each layer builds greater security assurance in the overall infrastructure.
IoTAA - Internet of Things Security Guidelines
Organization: IoT Alliance Australia (IoTAA) Reference: Internet of Things Security Guideline V1.0 Published on: 23 February 2017 The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to: promote a ‘security by design’ approach to IoT; assist industry to understand the practical application of security and privacy for IoT device use; be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and assist industry to understand some of the relevant legislation around privacy and security.
oneM2M-–-Release-2-Specifications-Security-Technical-Report
Organization: oneM2M Reference: Release 2 Specifications Within Release 2 Specifications the Security Technical Report is here Published on: 30 August 2016 Standard for M2M deployment covering requirements, architecture, API specifications, security solutions and mapping to common industry protocols such as CoAP, MQTT and HTTP.
IoTAA - Internet of Things Security Guidelines
Organization: IoT Alliance Australia (IoTAA) Reference: Internet of Things Security Guideline V1.2 Published on: November 2017 The purpose of the Internet of Things Security Guideline is to provide comprehensive, top-level guidance to: promote a ‘security by design’ approach to IoT; assist industry to understand the practical application of security and privacy for IoT device use; be utilised by the IoT industry and digital service providers which use or provide support services for IoT deployments; and assist industry to understand some of the relevant legislation around privacy and security.
IETF-Best-Current-Practices-for-Securing-Internet-of-Things-IoT-Devices
Organization: The Internet Engineering Task Force (IETF) Reference: Best Current Practices for Securing Internet of Things (IoT) Devices (Draft) Published on: 3 July 2017 In recent years, embedded computing devices have increasingly been provided with Internet interfaces, and the typically-weak network security of such devices has become a challenge for the Internet infrastructure. This document lists a number of minimum requirements that vendors of Internet of Things (IoT) devices need to take into account during development and when producing firmware updates, in order to reduce the frequency and severity of security incidents in which such devices are implicated.
IoTSF-IoT-Security-Compliance-Framework
Organization: IoT Security Foundation (IoTSF) Reference: IoT Security Compliance Framework Published on: 6 December 2016 The framework provides a comprehensive and practical checklist to guide organisations through a security assuring process. It offers a methodical approach to determining an organisation’s unique security posture for both business processes and technical requirements. The framework is intended to be used by key staff such as senior management, technical, manufacturing and logistics from producer companies, yet it could also be used by purchasers to assess suppliers. The framework is designed to be generally applicable and extendable with release 1.0 targeted at the consumer product category. Follow-on...
OWASP-IoT-Security-Guidance-Web
Organization: Open Web Application Security Project (OWASP) Reference: IoT Security Guidance Published on: 14 February 2017 Basic list of fundamentals. Consists of: Manufacturer IoT Security Guidance Developer IoT Security Guidance Consumer IoT Security Guidance
Microsoft-Internet-of-Things-security-architecture
Organization: Microsoft Reference: Internet of Things security architecture Published on: 3 July 2017 When designing a system, it is important to understand the potential threats to that system, and add appropriate defenses accordingly, as the system is designed and architected. It is particularly important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.
CSA-–-Security-Guidance-for-Early-Adopters-of-the-Internet-of-Things-IoT
Organization: Cloud Security Alliance (CSA) Reference: Security Guidance for Early Adopters of the Internet of Things (IoT) Published on: 16 April 2015 Guidance for the secure implementation of Internet of Things (IoT)-based systems.