During the rest of May, the scope, structure, content and themes for June’s IoT security awareness module will emerge from this rough-n-ready hand-scrawled mind map:
Working clockwise from the 2 o’clock position, we need to prepare:
- An introduction to the topic – setting the organizational/business and technical background or context for the module;
- A basic explanation of things, with hints about the associated creative possibilities and practical constraints of various kinds (e.g. high-street retail IoT products vs industrial IIoT things used in factories, buildings and [perhaps critical national and corporate] infrastructures);
- Something about managing and controlling things, with nods towards governance aspects such as ownership and accountability;
- Something on the information risks (principally the threats, vulnerabilities and impacts concerning information confidentiality, integrity and availability) typically associated with or arising from things (which – with hindsight – may be better expressed before or in parallel with the management and control stuff, since our main focus will be managing the security of things, specifying and implementing security controls etc. to address the information risks);
- Some generic, pragmatic guidance on IoT security strategy, policies, procedures, guidelines etc., giving a practical edge to all of the preceding stuff – helpful, sensible, plain-speaking advice that the awareness audiences can actually use.
Source: NBlog – the NoticeBored blog @ May 5, 2017 at 05:02AM