Security Risk Assessment Methodologies in The Internet of Things: Survey and Taxonomy

Security Risk Assessment Methodologies in The Internet of Things: Survey and Taxonomy

연구 분야: Strategies

학회: 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C)

Internet of Things (IoT) is the next-generation internet paradigm where billions of smart objects embedded with software and sensing capabilities are connected to the backbone network. IoT has applications in many fields such as healthcare, manufacturing, commerce, agriculture, energy production, and transportation. The advent of Industry 4.0 has enabled the democratization of IoT deployment and the emergence of innovative business models. However, IoT systems carry numerous security and privacy risks. Traditional security risk assessment methodologies cannot be effectively applied in the IoT context, because they do not necessarily take into account the complexity and dynamics of IoT. This paper presents a survey of security risk assessment methodologies for IoT to aid security researchers, policymakers, and stakeholders in developing novel risk assessment frameworks that are more fit for IoT. The paper reviews various security standards, industry best practices, and security controls related to IoT security assessment, then proposes a taxonomy of risk assessment methodologies. This will help identify the gaps and pave the way for future research to improve the security and resilience of IoT systems by putting more emphasis on the high presence of zero-day vulnerabilities and the role that Artificial Intelligence will play in threat assessment.