VIEW ON THE IOT ENVIRONMENT The Internet of Things (IoT) IoT is truly a holisc concept, resulted by the fact that the world becomes more and more connected. The combinaon of “smart” devices, mobile or web applicaons used to interact with them and cloud services allowing them connect with each other lead to the development of overlapped IoT ecosystems. Therefore, even if differences in products and soluons can occur across various vercals, by making use of these building blocks, the security of IoT soluons can be addressed in an efficient way. The IoT domain is increasing at an accelerang speed across exisng vercals, while at the same me expanding and interconnecng with new domains. In this dynamic environment, security threats need to be addressed structurally and simultaneously from an early design stage. Secura's IoT Security Lab expands across all the relevant vercals of the IoT ecosystem, allowing the manufacturers and developers to stay in control of their security. Secura has worked in informaon security and privacy for nearly two decades. This is why we uniquely understand the challenges that you face like no one else and would be delighted to help you address your informaon security maers efficiently and thoroughly. We work in the areas of people, processes and technology. For our customers we offer a range of security tesng services varying in depth and scope. IN CONTROL WITH SECURA SECURA IOT SECURITY LAB Web/Mobile Applicaons Cloud Service
8
Embed
SECURA IOT SECURITY LAB APPROACHING IOT SECURITY In line with the drawing above, the IoT Security Lab of Secura is addressing each particular type of element in the IoT environment,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
VIEW ON THE IOT ENVIRONMENT The Internet of Things (IoT) IoT is truly a holistic concept, resulted by the
fact that the world becomes more and more connected. The combination
of “smart” devices, mobile or web applications used to interact with
them and cloud services allowing them connect with each other lead
to the development of overlapped IoT ecosystems. Therefore, even if
differences in products and solutions can occur across various verticals, by
making use of these building blocks, the security of IoT solutions can be
addressed in an efficient way.
The IoT domain is increasing at an accelerating speed across existing verticals, while at the same time expanding and interconnecting with new domains. In this dynamic environment, security threats need to be addressed structurally and simultaneously from an early design stage. Secura's IoT Security Lab expands across all the relevant verticals of the IoT ecosystem, allowing the manufacturers and developers to stay in control of their security.
Secura has worked in information
security and privacy for nearly
two decades. This is why
we uniquely understand the
challenges that you face like no
one else and would be delighted
to help you address your
information security matters
efficiently and thoroughly. We
work in the areas of people,
processes and technology. For
our customers we offer a range of
security testing services varying
in depth and scope.
IN CONTROL WITH SECURA
SECURA IOT SECURITY LAB
Web/Mobile Applications
Cloud Service
APPROACHING IOT SECURITYIn line with the drawing above, the IoT Security Lab of
Secura is addressing each particular type of element in
the IoT environment, supporting therefore the whole IoT
supply chain of an IoT solution. We believe that designing
specific services for specific target groups is essential
in addressing specific security needs across the supply
chain. Moreover, by directing the services to specific
targets, it is ensured that the resulted level of assurance
is as high as possible, by tailoring the assessment scope
towards domain specific objectives. Finally, we strongly
believe that security can be addressed better by relying
on internationally recognized publications addressing
requirements and metrics. Because of that, our services
include for all the addressed elements the option of
standardized assessments and certification.
The services provided by the lab are focusing on the IoT
building blocks: devices, web/mobile applications and
cloud connectivity. For each of these building blocks,
Secura is providing a complete and flexible service
offering, including:
• Design Reviews and Threat modelling: Tailored
reviews of the specific solution, with highlighting
of specific risks and design vulnerabilities. This
includes services such as documentation review,
source code review, security by design trainings or
security audits.
• Training courses: Courses given by our experts
concerning topics such as Automotive Security, ICS
SCADA Security or Embedded Devices Security
• Advisory and Audit: Services carried by
experienced and certified auditors (REs), aimed
at assessing and validating the security related
processes implemented within your organization
• (Standardized) testing: Assessing the presence and
sufficiency of implemented security features, in line
with relevant international publications. The testing
is performed in a tailored way, by selecting relevant
requirements from considered publications.
• Compliance and certification: Ensuring the
security by testing in line with the applicable
requirements of relevant international publications
(ex. IEC 62443, IoT Security Foundation Framework,
OWASP Testing Guide, etc.), while also offering
support for security certifications or regulations.
In particular, this factsheet will mostly focus on services
related with security testing, compliance and certification
of IoT products from various verticals in scope. These