Security risk assessment in Internet of Things systems
Jason R. C. Nurse; Sadie Creese; David De Roure
Cybersecurity risk assessment approaches have served us well over the last decade. They have provided a platform through which organisations and governments could better protect themselves against pertinent risks. As the complexity, pervasiveness and automation of technology systems increase, however, particularly with the Internet of Things (IoT), there is a strong argument for new approaches to assess risk and build trust. The challenge with simply extending existing assessment methodologies to these systems is that we could be blind to new risks arising in such ecosystems. These risks could be related to the high degrees of connectivity present, or to the coupling of digital, cyber-physical and social systems. This article makes the case for new methodologies to assess risk in this context, ones that consider the dynamics and uniqueness of IoT but also the rigour of best practice in risk assessment.