A Review of Security Standards and Frameworks for IoT-Based Smart Environments

Karie, Nickson M.; Sahri, Nor Masri; Yang, Wencheng; Valli, Craig; Kebande, Victor R.

doi:10.1109/access.2021.3109886

Cited by 116 publications

(58 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The standard of good practice (SoGP) was initially published in 1996 by the Information Security Forum (ISF), which is an international organization based in London, with staff in New York City. The Information Security Forum (ISF) is a non-profit and independent organization that concentrates on the development of best practices and benchmarking in the information security area [7]. Companies and individuals in manufacturing, financial services, transportation, chemical/pharmaceutical, retail, government, telecommunications, media, transportation, energy, and professional services from all over the world can join the ISF.…”

Section: Isf Standard Of Good Practice For Information Securitymentioning

confidence: 99%

“…Cybersecurity standards include Electronics 2022, 11, 2181 2 of 20 users, network infrastructure, software, hardware, processes, and information in system storage media that can be connected to the Internet network [6]. The scope of cybersecurity standards is broad in that it covers security features in applications and cryptographic algorithms that mainly provide perspective toward security controls, processes, procedures, guidelines, and baselines [7]. Security experts recommend implementing cybersecurity standards as a fundamentally essential element consisting of a collection of best practices to protect organizations from cybersecurity threats and risks [8].…”

Section: Introductionmentioning

confidence: 99%

“…The main aim of cybersecurity standards is to prevent or mitigate cyberattacks and reduce the risk of cyber threats [9]. The implementation of standards will provide benefits in saving time, decreasing costs, increasing profits, improving user awareness, minimizing risks, and offering business continuity [7]. Additionally, using standards facilitates the compliance of an organization to industry best practices and procedures and provides the opportunity to compare a security system on an international level [10].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Taherdoost

2022

Electronics

View full text Add to dashboard Cite

Businesses are reliant on data to survive in the competitive market, and data is constantly in danger of loss or theft. Loss of valuable data leads to negative consequences for both individuals and organizations. Cybersecurity is the process of protecting sensitive data from damage or theft. To successfully achieve the objectives of implementing cybersecurity at different levels, a range of procedures and standards should be followed. Cybersecurity standards determine the requirements that an organization should follow to achieve cybersecurity objectives and facilitate against cybercrimes. Cybersecurity standards demonstrate whether an information system can meet security requirements through a range of best practices and procedures. A range of standards has been established by various organizations to be employed in information systems of different sizes and types. However, it is challenging for businesses to adopt the standard that is the most appropriate based on their cybersecurity demands. Reviewing the experiences of other businesses in the industry helps organizations to adopt the most relevant cybersecurity standards and frameworks. This study presents a narrative review of the most frequently used cybersecurity standards and frameworks based on existing papers in the cybersecurity field and applications of these cybersecurity standards and frameworks in various fields to help organizations select the cybersecurity standard or framework that best fits their cybersecurity requirements.

show abstract

Section: Isf Standard Of Good Practice For Information Securitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Taherdoost

2022

Electronics

View full text Add to dashboard Cite

show abstract

“…Such systems have two main additional requirements today ( i ) the need for (near) real-time performance to serve their function avoiding offline data analysis and ( ii ) end-to-end security with data source authentication, data confidentiality and integrity from sensor to remote site where data is stored and processed. End-to-end security issues are of paramount importance and they often drive the selection of the solution [ 1 , 2 , 3 , 4 ].…”

Section: Introductionmentioning

confidence: 99%

Enabling Secure Data Exchange through the IOTA Tangle for IoT Constrained Devices

Carelli

Palmieri

Vilei

et al. 2022

Sensors

View full text Add to dashboard Cite

Internet-of-Things (IoT) and sensor technologies have enabled the collection of data in a distributed fashion for analysis and evidence-based decision making. However, security concerns regarding the source, confidentiality and integrity of the data arise. The most common method of protecting data transmission in sensor systems is Transport Layer Security (TLS) or its datagram counterpart (DTLS) today, but exist an alternative option based on Distributed Ledger Technology (DLT) that promise strong security, ease of use and potential for large scale integration of heterogeneous sensor systems. A DLT such as the IOTA Tangle offers great potential to improve sensor data exchange. This paper presents L2Sec, a cryptographic protocol which is able to secure data exchanged over the IOTA Tangle. This protocol is suitable for implementation on constrained devices, such as common IoT devices, leading to greater scalability. The first experimental results evidence the effectiveness of the approach and advocate for the integration of an hardware secure element to improve the overall security of the protocol. The L2Sec source code is released as open source repository on GitHub.

show abstract

“…At present, there are such protocols reported to work over internet, however, they were never meant to be functional over IoT architecture, which is more complex form of architecture to be used in Future Internet Architecture [7] [8]. Some of the challenges of implementing inter-domain routing scheme in IoT are as follows: i) developing a routing strategy among different forms of devices with multiple roles is definitely not an easy task considering the massiveness of the network, ii) developing both centralized as well as decentralized trusted authority connected to gateway node in IoT is one of the tedious task to be accomplished, iii) existing firewall system in IoT application is dependent on definition of patch and hence they are incapable of identifying new form of threats that are not defined in firewall system, iv) usage of conventional encryption process also comes with different forms of operational and communication challenges over resource constrained IoT devices [9]. All the above reasons serves as a motivation factor as well as reason towards develop a robust security protocol which is compliant of inter-domain routing as well as which is computationally efficient for practical implementation of complex environment of an IoT.…”

Section: Introductionmentioning

confidence: 99%

Secure Inter-Domain Routing for Resisting Unknown Attacker in Internet-of-Things

Bhavana¹,

N²

2022

IJACSA

View full text Add to dashboard Cite

With an increasing adoption of Internet-of-Things (IoT) over massively connected device, there is a raising security concern. Review of existing security schemes in IoT shows that there is a significant trade-off due to non-adoption of interdomain routing scheme over larger domain of heterogeneous nodes in an Internet of Things (IoT) via gateway nodes. Hence, the purpose of the proposed study is to bridge this trade-off by adopting a new security scheme that works over an inter-domain routing without any apriori information of an attacker. The goal of the proposed framework is to identify the malicious intention of attacker by evaluating their increasing attention over different types of hop links information. Upon identification, the framework also aims for resisting attacker node to participate in IoT environment by advertising the counterfeited route information with a target of misleading the attackers promoting autonomous self-isolation. The study outcome shows proposed scheme is secure compared to existing scheme.

show abstract

A Review of Security Standards and Frameworks for IoT-Based Smart Environments

Cited by 116 publications

References 32 publications

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview

Enabling Secure Data Exchange through the IOTA Tangle for IoT Constrained Devices

Secure Inter-Domain Routing for Resisting Unknown Attacker in Internet-of-Things

Contact Info

Product

Resources

About