NIST has issued a new report intended to help managers understand and manage the risks that come with Internet of Things (IoT) devices throughout their life cycles.
The 34-page report, "Considerations for Managing Internet of Things Cybersecurity one Privacy Risks," begins with basic definitions and critical issues, such as the operational difference between privacy and security. It goes on to address large management considerations, including device access and management, and the dramatic difference between the security capabilities of IT hardware and IoT systems.
NIST defines IoT risk and mitigation within a framework of three risk mitigation goals: protect device security, protect data security, and protect individuals' privacy. Within each of these goals are two to five more specific risk mitigation areas, such as vulnerability management, data protection, and information flow management.
The report provides a series of tables listing security expectations IT managers may have for conventional IT devices set against the ways in which IoT devices may be challenged in meeting those expectations.
While this report, the first in a series addressing the IoT, looks at higher level considerations, NIST says future reports will go into greater depth and detail about related issues.
Read more here.