Week Five
Hello! Welcome to this week's Ryan Report. Today, I will profile and discuss NIST's newly-released internal report: Considerations for Managing IoT Cybersecurity and Privacy Risks.
IoT devices are becoming more and more common in today's world as networking and computing technology has evolved and become more powerful and affordable. It is quite simple to embed a computer in nearly everything and there are certainly benefits to doing so. The data collected from these devices can be very valuable. However, these devices are frequently not designed with security in mind. The NIST report seeks to describe these security and privacy considerations in more detail.
NIST documentation is aimed at US federal agencies, but their standards and other documentation can be adapted and applied to nearly every sector and private organization. This particular report is an initial draft, and NIST is actively seeking feedback. Further, they state that this is the introductory document that will be part of a series.
The publication identifies three high-level considerations for managing cybersecurity and privacy risks for IoT devices as compared to conventional IT:
IoT devices are becoming more and more common in today's world as networking and computing technology has evolved and become more powerful and affordable. It is quite simple to embed a computer in nearly everything and there are certainly benefits to doing so. The data collected from these devices can be very valuable. However, these devices are frequently not designed with security in mind. The NIST report seeks to describe these security and privacy considerations in more detail.
NIST documentation is aimed at US federal agencies, but their standards and other documentation can be adapted and applied to nearly every sector and private organization. This particular report is an initial draft, and NIST is actively seeking feedback. Further, they state that this is the introductory document that will be part of a series.
The publication identifies three high-level considerations for managing cybersecurity and privacy risks for IoT devices as compared to conventional IT:
- Many IoT devices interact with the physical world in ways conventional IT devices usually do not.
- Many IoT devices cannot be accessed, managed, or monitored in the same ways conventional IT devices can.
- The availability, efficiency, and effectiveness of cybersecurity and privacy capabilities are often different for IoT devices than conventional IT devices.
These are all valid considerations. For example, most IoT devices cannot support encryption of data stored on the device like a traditional laptop.
This publication contains valuable information for organizations, and I look forward to future documentation in the series elaborating on the concepts that NIST has described here.
Comments
Post a Comment