IoT Safety Architecture & Risk Assessment Toolkit Updated, Addressing Device Hazardization Risks and Evolving Regulatory Landscape
Agelight Digital Trust Advisory Group released a major update to the IoT Safety Architecture to help maximize IoT security, privacy and safety, harmonizing global efforts and regulations
AUSTIN, Texas, Oct. 18, 2018 /PRNewswire-PRWeb/ -- Today at the International Association of Privacy Professionals' Privacy. Security. Risk. conference, the Agelight Digital Trust Advisory Group released a major update to the IoT Safety Architecture and Risk Assessment Toolkit (IoTSA). First released over six months ago, the IoTSA has been updated to reflect real-world feedback from dozens of stakeholders, regulators and device manufacturers. The IoTSA has been expanded to map to the evolving regulatory landscape, including the EU GDPR, the California IoT Security Act, and the UK's Code of Practice for Consumer IoT Security.
The IoTSA helps to accelerate the adoption of high-value and high-impact security and privacy practices, delivering trustworthy devices to the market while supporting them through their lifecycle. At its core, it has been designed to address the confusing and at times conflicting narratives of existing frameworks, many of which look at security, data privacy and product safety in isolation.
Leveraging National Cyber Security Awareness Month, the IoTSA advocates that IoT safety must be "by design" and everyone's responsibility throughout a product's lifecycle. Not unlike an automobile, IoT devices require continued updating and patching, and at a certain point they need to be retired for the safety of the user and society at large.
The IoTSA includes 45 actionable principles and uniquely includes a scoring model to help organizations complete risk assessments and prioritization. Applying the IoTSA helps device manufacturers and developers enhance the lifecycle security and data privacy of their solutions. In addition, enterprises can apply the IoTSA to assess the safety of their devices, and retailers can apply the IoTSA to their product merchandising decisions.
"The IoTSA provides a blueprint to realize the promise of IoT and to help avoid the pitfalls," said Craig Spiezle, Managing Director of the Agelight Digital Trust Advisory Group. "Adopting the IoTSA can maximize user safety, while making security and privacy a part of their brand promise. Those that fail risk placing society and users at risk."
The following guiding tenets were applied and weighted for inclusion in the IoTSA:
- Address root causes of risks and vulnerabilities at scale
- Promote practices which are feasible to adopt
- Reduce user risk and support burden
- Drive supply chain / ecosystem improvements
- Provide incentives for product/brand differentiation
- Provide users the ability to evaluate and compare products
- Be applicable globally
The IoTSA weighted risk model incorporates six fundamental criteria impacting device manufacturers and developers. Based on an organization's risk tolerance, engineering and development efforts can be prioritized. Scoring criteria include:
- The impact to the user
- The impact to the ecosystem and society at large
- Financial and performance impact
- Hazardization, or risks related to physical and life safety
- Development costs and impact to market timing
- Regulatory and liability risk
To learn more, attend the session entitled IoT Risk Assessment, Prioritization and Scoring at IAPP Privacy. Security. Risk. 2018, on Friday, October 19 at 11:45, during a panel with Justin Brookman, Director, Consumer Privacy and Technology Policy, Consumers Union, and Aaron Weller, VP Strategy, Sentinel LLC.
"In a world populated by devices from smart fridges to driverless cars, it is vitally important that we embed privacy and security into the devices, large and small, that help us with everything from the mundane to the vital," said Weller, VP of Strategy at Sentinel. "The IoTSA is a valuable tool for organizations to evaluate their risks and prioritize efforts. Those organizations that act now will not only avoid potentially significant issues but also send a strong message to their customers about the value that they place on doing the right thing."
The IoTSA incorporates many practices advocated by the European Union's General Data Protection Regulation (GDPR), the EU Agency for Network and Information Security (ENISA), the U.K. Department for Digital, Culture, Media and Sport, the U.S. Consumer Product Safety Commission (CPSC), the U.S. Department of Commerce, the National Telecommunications and Information Administration (NTIA), the National Institute of Standards and Technology (NIST), the U.S. Department of Homeland Security, the U.S. Federal Communications Commission, the U.S. Federal Trade Commission (FTC) and other governmental agencies and regulatory bodies.
About The Agelight Digital Trust Advisory Group
The Agelight Digital Trust Advisory Group helps organizations accelerate the adoption of security and privacy-enhancing practices and policies, navigate the complex regulatory environment, while promoting innovation and the importance of self-regulation. Agelight's Managing Director Craig Spiezle offers more than two decades of product development and management expertise and is recognized as an authority on the intersection of online trust, security, privacy and product safety.
SOURCE IoT Safety Architecture