IOT SECURITY
SELF ASSESSMENT CHECKLIST

Do you have cybersecurity governance in your organization (technological watch, design, maintenance, incident management, training, legal, contractual, …)?
  Answer 1: Yes, internal
  Answer 2: Yes, subcontracted
  Answer 3: No

How would you qualify the cybersecurity maturity of your organisation?
  Answer 1: We have a cybersecurity governance that includes strategy, measurement, improvement
  Answer 2: We have an operational process and documentation
  Answer 3: We have identified people in charge (internal) or external

Who are your customers?
  Answer 1: Type: B2C, B2B, B2G
  Answer 2: Sectors: Transportation, Energy, Industrial, Health, Smart cities, …
  Answer 3: I don’t know about the end usage

Does your customer require a risk analysis, filling a security checklist, a certificate?
  Answer 1: Yes, a certificate
  Answer 2: Yes, a risk analysis
  Answer 3: Filling a security checklist

Are you familiar with risk analysis?
  Answer 1: Yes - I have already done some
  Answer 2: I have already read some
  Answer 3: Not really

Are you familiar with certification and the associated ecosystem (Lab, CB, audit lab)?
  Answer 1: Yes - I have already done some with a third party
  Answer 2: Yes - I am aware of the certification process
  Answer 3: No

Are you aware of certification schemes that would be applicable to your product?
  Answer 1: Yes, I have selected one
  Answer 2: Yes - I am aware of the certification process
  Answer 3: Not really

What kind of assessment are you looking for?
  Answer 1: Certification
  Answer 2: Review by a third party
  Answer 3: Self assessment

Are there (inter-)national, sectorial regulations applicable to your products regarding security aspects?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you have a clear view of the distribution of responsibilities if a problem occurs when your product is in the field?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you have contractual obligations in terms of security with your customer?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you have contractual obligations in terms of security with your suppliers?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you have a description of the expected usage?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you follow security requirements (Protection Profile, standardised security requirements, …)?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Which level of security are you targeting?
  Answer 1: High (correctness and robustness)
  Answer 2: Substantial (functional security)
  Answer 3: Basic (documented) / Multiple

What are the kinds of attack that you are considering?
  Answer 1: High (correctness and robustness)
  Answer 2: Remote
  Answer 3: I don’t know

What is the approximate lifetime of your product in the field?
  Answer 1: 5-10 years
  Answer 2: 2 to 5 years
  Answer 3: Less than 2 years

Are you using COTS or open source?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Can you update your product (if yes: expected frequency)?
  Answer 1: Yes, SW update & OTA is part of our strategy
  Answer 2: Yes, but we have not included that in our roadmap
  Answer 3: No

Do you use/implement cryptographic algorithms?
  Answer 1: Standardized and following guidance
  Answer 2: Proprietary
  Answer 3: I don’t know

What kind of development life cycle are you using? When is security integrated?

Who takes care of the configuration aspects?
  Answer 1: Assigned to a dedicated resource
  Answer 2: Shared among the organization
  Answer 3: I don’t know

Do you follow coding guidelines?
  Answer 1: Yes
  Answer 2: No
  Answer 3: I don’t know

Do you have a description of your security architecture?
  Answer 1: Existing and reviewed
  Answer 2: To be reviewed and/or completed
  Answer 3: To be developed

Is your product documented?
  Answer 1: Existing and reviewed documentation
  Answer 2: Documentation to be reviewed/updated/completed
  Answer 3: Documentation to be developed

How automated is your deployment process?
  Answer 1: CD
  Answer 2: Only CI
  Answer 3: None

What kind of functional testing are you doing?
  Answer 1: Standardized; positive and negative test suite
  Answer 2: Standardized test suite
  Answer 3: Internal

Are you familiar with attack quotation (measurement of attack difficulty)?
  Answer 1: I am aware of attack quotation tables and use them
  Answer 2: I am aware of attack quotation tables but don’t use them
  Answer 3: I don’t know

How do you manage security issues?
  Answer 1: Security issues are tracked and have a dedicated policy
  Answer 2: Security issues are collected as any other defects
  Answer 3: Nothing is set

Do you monitor public vulnerabilities (OWASP, CVE, conferences, …)?
  Answer 1: Yes, included in a process
  Answer 2: Sometimes
  Answer 3: No

Have you already performed some robustness testing?
  Answer 1: Third party (black/white box)
  Answer 2: Internal
  Answer 3: No

Checklist sections:
  1. Understand the cybersecurity maturity of your organisation and your ecosystem
  2. Understand your design and implementation status
  3. About your product robustness against attacks

Table columns: Question, Answer 1, Answer 2, Answer 3

IoT Device Security
