The IoT Security Foundation has released three best practice guidelines on:
- IoT Security Compliance Framework
- Connected Consumer Products
- Vulnerability Disclosure
I am currently reading through these with interest, especially the paper on Vulnerability Disclosure. This is something that some companies do well and some not so well. I can see companies' legal departments advising on this one; however, it is an important topic for the industry to address.
These best practices provide one lens through which to look at IoT security. The industry still has a journey to complete in providing a set of universal standards, given the number of groups and communities publishing best practices, guidelines and standards. Some are specific to products and services and some are generic.
I listed a number of IoT groups in a previous blog post on IoT standards.
Below are links from that blog post to some of the groups and communities:
- Architectural Framework for the IOT
- IoT Consortium
- IoT Global Standards Initiative
- IoT Open Standards
- IoT Trust Framework
- IoT Security Foundation
- Industrial Internet Consortium
- Joint Coordination Activity on IoT
- NIST (National Institute of Standards and Technology)
- Open Interconnect Consortium
- Open Management Group Industrial IoT
- World Forum 2015 Standards
I had not listed the IoT Security Foundation on that original list, so I have added it above. There are probably groups and committees not listed here. Please comment below if you know of any others.
Choosing to follow best practices is a good thing. Choosing which best practice to follow can be a harder choice to make.
Until such time as a couple or even one set of standards emerges, a hybrid best practice may be a good approach: pick the synergies between the best practices and standards, then bring in the others that are needed.
These latest best practice standards do state that they are generic and that it is up to the individual to adopt them.