Internet of Things Security Assessment
An increasing number of items in our lives are connected to the internet. This includes the usual things like computers and phones but now also includes a very wide variety of other items such as children's toys, door bells, light switches, fridges, building environment controls. This large selection of connected items and devices are often called the Internet of Things or "IoT". At the moment there is very little regulation or control of the way things connect to the internet which can leave business and families vulnerable to attack, data loss and privacy invasion.
A recent report from the Internet Society which surveyed global consumers identified many concerns but also ‘the trust opportunity’. The opportunity exists for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps have been taken to design security into their processes and products. IASME's IoT Cybersecurity Basic conformance scheme provides that proof.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials.
This basic security assessment is aimed at manufacturers of any device which connects to the internet. It asks a set of questions about the basic controls such a device would be expected to have in place for the minimum acceptable level of security. Although no evidence is required for the assessment, a board member or equivalent must sign a declaration to confirm that all the answers are true. This way of assessment ensures that the board members are aware of the issues and take responsibility. It also ensures the costs of the certification scheme remains low.
The answers to this assessment are then reviewed by a trained assessor.
For those manufacturers of things connected to the internet that are implementing good security practice, this is the opportunity to gain a market advantage. After the introduction of the basic level IoT Security assessment, IASME will shortly be launching the silver and gold levels which will demonstrate much higher levels of cyber security.
If you would like to apply for an assessment please contact us and we will send you further details in the next few days.
Download question set
Download the questions for the basic level IoT Security assessment here. Please note that these are for information only and if you would like your product to be assessed you will need to enter your answers into the online assessment platform.
The cost of this assessment will be in the region of £300 + vat and will be available shortly. We expect to improve the assessment over time and we welcome your feedback on this assessment. Please do contact us if you have any feedback or would like to get involved.