Security Taxonomy for IoT - Cope with complexity and supply-chain


A Taxonomy is presented that aims to assist in coping with the complexity of IoT. It helps to consider overarching aspects as well as the interdependencies between the individual work areas introduced by the Taxonomy. Each work area is defined below. The work areas are target-group-specific; they will later be filled with concrete security specifications. With this approach, the division of labor is supported, and the activities of individual parties can be combined and orchestrated so that the IoT system can become an integrated, secure whole. Given the constant failures to actually secure IoT, it is time for measures of confinement and compensation, which in turn require an architectural approach that makes dependencies visible and shows ways of segregation. Moreover, Zero Outage puts other ideas up for discussion, such as Zones, Classes, and an extended IT stack.


B References and Applicable Documents

[1] ESARIS Security Taxonomy – Synopsis, Scope and Content; Zero Outage Industry Standard, Release 1 about Security, February 2017,

[2] Managing security in the supplier network – Third Party Integration Model; Zero Outage Industry Standard, Release 2 about Security, August 2017,

[3] Eberhard von Faber: Methods: “Secured by definition” and the utilization of quality management principles; published on in November 2019

[4] Anthony Sabella, Rik Irons-Mclean, Marcelo Yannuzzi: Orchestrating and Automating Security for the Internet of Things, Delivering Advanced Security Capabilities from Edge to Cloud for IoT; Cisco Press, 2018, 968 pages, ISBN 978-1-5714-503-2

[5] Eberhard von Faber and Walter Sedlacek: Using Game Theory to Improve IT Security in the Internet of Things, The Idea of a Durability Date or: What happens if nobody cares?; published on in November 2018

[6] Frank Vahid and Tony Givargis: Embedded Systems, A unified Hardware/Software Introduction; John Wiley & Sons, Inc., 2002

[7] Eberhard von Faber and Wolfgang Behnsen: Secure ICT Service Provisioning for Cloud, Mobile and Beyond, ESARIS: The Answer to the Demands of Industrialized IT Production Balancing Between Buyers and Providers; 2017, ISBN 978-3-658-16481-2


C List of Abbreviations

ESARIS: Enterprise Security Architecture for Reliable ICT Services

ICT: Information and Communication Technology (IT and TC)

IDS: Intrusion Detection System

IPS: Intrusion Prevention System

IoT: Internet of Things

ISO: International Organization for Standardization

IT: Information Technology (here also used for ICT)

ITSM: IT Service Management

LDAP: Lightweight Directory Access Protocol (here used to refer to the directory service itself)

SIEM: Security Information and Event Management

TC: Communication Technology

WAF: Web Application Firewall

WAN: Wide Area Network