{"id":605,"date":"2018-02-15T00:57:43","date_gmt":"2018-02-14T21:57:43","guid":{"rendered":"http:\/\/kusuaks7\/?p=210"},"modified":"2025-05-15T10:54:20","modified_gmt":"2025-05-15T10:54:20","slug":"a-method-to-the-madness-how-to-think-about-security-and-privacy-for-iot","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/a-method-to-the-madness-how-to-think-about-security-and-privacy-for-iot\/","title":{"rendered":"A method to the madness: How to think about security and privacy for IoT"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"605\" class=\"elementor elementor-605\" data-elementor-post-type=\"post\">\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-6a787aa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6a787aa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9b517fc\" data-id=\"9b517fc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f4015cc elementor-widget elementor-widget-text-editor\" data-id=\"f4015cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAs we enter a new year \u2014 a year in which IoT is expected to continue its\u00a0explosive adoption trend\u00a0\u2014 it is important to continue to be mindful of the basic tenets of how to build and deploy connected devices in ways that deliver robust considerations of both security and privacy. 
It is also important to keep in mind that these are distinct concepts, even though they are often conflated:\u00a0<em>Privacy<\/em>\u00a0is the decision about who can or cannot access data, while\u00a0<em>security<\/em>\u00a0is the integrity of decisions about access being carried out effectively.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-a9ff5c6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a9ff5c6\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c97da24\" data-id=\"c97da24\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ccebaba elementor-widget elementor-widget-text-editor\" data-id=\"ccebaba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHere are some practical and implementable actions that both manufacturers and purchasers of connected devices can follow in an effort to deploy resilient systems. 
It is imperative, however, to keep in mind that the security architecture around your device will be very much dependent on your use case, and those unique aspects should heavily influence all decision-making you do around both security and privacy.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-1d20d1d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1d20d1d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-490a2fc\" data-id=\"490a2fc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c1f5fbe elementor-widget elementor-widget-heading\" data-id=\"c1f5fbe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><strong>Security: Ways of thinking<\/strong><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-cfb1786 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cfb1786\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column 
elementor-element elementor-element-0425bf8\" data-id=\"0425bf8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-14f6f15 elementor-widget elementor-widget-text-editor\" data-id=\"14f6f15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe most\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/feature\/IoT-security-companies-take-on-device-discovery-authentication\" rel=\"noopener\">effective security model<\/a>\u00a0around any given device or architecture will be very much dependent on use case. In that vein, below are some methods for how to approach security, rather than a prescriptive framework. As an outcome of the below domains, both buyers and vendors should thereby be best suited to deploy an IoT strategy that successfully accounts for security; this article defines such organizations as\u00a0<em>effective security organizations<\/em>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-4c4803a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4c4803a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-10610d9\" data-id=\"10610d9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d75db50 elementor-widget 
elementor-widget-text-editor\" data-id=\"d75db50\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong><u>1. Think strategically<\/u><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-9cfb949 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9cfb949\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-34669cf\" data-id=\"34669cf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a415a1b elementor-widget elementor-widget-text-editor\" data-id=\"a415a1b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tFirst and foremost, effective security organizations understand that to be effective requires strategy. Strategy then informs the tactical execution. 
To best pursue this mindset, effective organizations should consider a collection of concepts that support the ability to think strategically about security.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-2d6b2a0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2d6b2a0\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-05cc515\" data-id=\"05cc515\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-79922f1 elementor-widget elementor-widget-text-editor\" data-id=\"79922f1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>a. 
Adopt a security mission<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-d23a8af elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d23a8af\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b474e87\" data-id=\"b474e87\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-76ba096 elementor-widget elementor-widget-text-editor\" data-id=\"76ba096\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tEffective security starts with making it a priority. While this sounds simple in concept, it is often very difficult in practice. Historically, the most successful security organizations are defined by executive buy-in to a well-articulated, well-defined, well-communicated security mission. 
Effective security organizations define the purpose behind\u00a0<em>why<\/em>\u00a0security matters to them,\u00a0<em>what<\/em>\u00a0they do to pursue those objectives and\u00a0<em>how<\/em>\u00a0they pursue the mission.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-16dc848 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"16dc848\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-88af3cd\" data-id=\"88af3cd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b90cd95 elementor-widget elementor-widget-text-editor\" data-id=\"b90cd95\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tContrary to conventional wisdom, effective security is not achieved solely via a collection of products, or through satisfying only the basics of some sort of compliance framework. 
Rather, security is a combination of people, process and products, all strategically resourced and deployed in the context of a security mission.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-f33684a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f33684a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-904f541\" data-id=\"904f541\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4320a9b elementor-widget elementor-widget-text-editor\" data-id=\"4320a9b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define why security matters to the unique needs and conditions of the organization,<\/li>\n \t<li>Obtain executive buy-in about the security mission, and<\/li>\n \t<li>Develop and execute a\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/A-word-on-words-How-to-communicate-about-security-in-IoT\" rel=\"noopener\">communication plan<\/a>\u00a0to ensure that the highest levels, lowest levels, and all levels in between have a common understanding of the security mission.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section 
elementor-element elementor-element-b7fd11e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b7fd11e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-89a127a\" data-id=\"89a127a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c8d8b7d elementor-widget elementor-widget-text-editor\" data-id=\"c8d8b7d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>b. Be your security champion<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-d042a1f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d042a1f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-949a920\" data-id=\"949a920\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3650cf9 elementor-widget elementor-widget-text-editor\" data-id=\"3650cf9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tEffective security is essentially an exercise in advocacy. Security is often hard to see, touch or feel; it is most often felt as a void, for example, when a breach results from a lack of effective security. In that vein, effective security organizations define at least one person \u2014 and in the best cases, many people \u2014 to serve as the champion for security in the organization. This individual or team advocates for the security mission, ensuring that it gets integrated into all aspects of decision making across the organization.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-5f287c4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5f287c4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0a6a9ab\" data-id=\"0a6a9ab\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e9b66c5 elementor-widget elementor-widget-text-editor\" data-id=\"e9b66c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Empower a person or group to advocate for the security mission,<\/li>\n \t<li>Ensure that the champion has adequate support, executive visibility and influence to drive meaningful impact, and<\/li>\n \t<li>Ensure that the champion has security as their top priority, which does not 
compete with other conflicting priorities.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-1aa5174 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1aa5174\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-04585c1\" data-id=\"04585c1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c451465 elementor-widget elementor-widget-text-editor\" data-id=\"c451465\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>c. 
Define risk<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-3a137be elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3a137be\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-df25acb\" data-id=\"df25acb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d3b676e elementor-widget elementor-widget-text-editor\" data-id=\"d3b676e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tRisk is the combination of likelihood \u2014 which includes both attacker\u00a0<em>motivation<\/em>\u00a0as well as\u00a0<em>ease<\/em>\u00a0of success \u2014 and\u00a0<em>impact<\/em>\u00a0in the event of an adverse outcome. Risk is something that should be defined, measured and mitigated, with an acceptance that it will never be eliminated. 
Once organizations can accurately\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/The-evolution-of-enterprise-IoT-and-its-security-risks\" rel=\"noopener\">understand their risk<\/a>, they can then make business decisions about how to allocate resources to reduce it.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-bdb28fa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bdb28fa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4665b6a\" data-id=\"4665b6a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c74eaff elementor-widget elementor-widget-text-editor\" data-id=\"c74eaff\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define attacker motivation, as it would be relevant to their organization,<\/li>\n \t<li>Define ease of attack success, as it would be relevant to their organization,<\/li>\n \t<li>Define impact to business in the event of a successful attack, as it would pertain to their organization,<\/li>\n \t<li>Determine how to measure and reevaluate all of the above continually over time, and<\/li>\n \t<li>Define a mitigation strategy to acknowledge acceptable risk and reduce unacceptable 
risk.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-42e7bfa elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"42e7bfa\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-383f6e1\" data-id=\"383f6e1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f4fe077 elementor-widget elementor-widget-text-editor\" data-id=\"f4fe077\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>d. 
Allocate appropriate resources<\/strong>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-0ff9ff9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0ff9ff9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-91461e4\" data-id=\"91461e4\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5ab89a3 elementor-widget elementor-widget-text-editor\" data-id=\"5ab89a3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tLike marketing, sales, human resources, accounting and legal, security is a core business discipline. Accordingly, appropriate cost-benefit tradeoffs should be considered when allocating resources towards pursuit of organizational effectiveness in this domain. Ineffective security organizations see security as a cost to be minimized and attempt to survive by doing just the bare minimum, while effective security organizations recognize that it requires investment of manpower and financial resources to obtain effectiveness. It should be noted, however, that there is a condition of diminishing returns, after which point additional investments in security won\u2019t deliver correspondingly higher returns on effectiveness. 
Appropriate resource allocation is the critical aspiration to pursue.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-240841b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"240841b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-73eb057\" data-id=\"73eb057\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-825305f elementor-widget elementor-widget-text-editor\" data-id=\"825305f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define what success looks like to the unique situation of the organization,<\/li>\n \t<li>Quantify the manpower and financial investments it would require to arrive at success, and<\/li>\n \t<li>Make informed, business-case tradeoffs about what to allocate and what to cut, in pursuit of the desired success outcomes as related to security effectiveness.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-b73cda5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b73cda5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div 
class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e2888a2\" data-id=\"e2888a2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-97ef25d elementor-widget elementor-widget-text-editor\" data-id=\"97ef25d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>e. Plan for the future<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-77a5c61 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"77a5c61\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-995327c\" data-id=\"995327c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-93c0d9d elementor-widget elementor-widget-text-editor\" data-id=\"93c0d9d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTechnology evolves, market conditions change and attackers innovate. As such, effective organizations consider security in a future context, by thinking about how to adapt the security posture over time. 
IoT introduces particularly notable future state conditions, as many IoT technologies are not designed to be supported or updated by the vendor, but rather by the buyer. In either model (vendor-supported or buyer-supported), effective security organizations understand that bugs will be discovered, security vulnerabilities will be published and attackers will evolve. Thus, effective security organizations make it easy to ingest bug or vulnerability disclosures, and have a plan and mechanism for updates.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-52d6a2a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"52d6a2a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f942382\" data-id=\"f942382\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7b6fca5 elementor-widget elementor-widget-text-editor\" data-id=\"7b6fca5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Plan for how to remedy security issues that are unknown today but could be relevant in the years to come,<\/li>\n \t<li>Implement an easy-to-use update mechanism across all deployed systems, and<\/li>\n \t<li>Empower users and security researchers with an easy communication channel to disclose security flaws, which are received by a human at the vendor who 
can triage and address.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-e719bf5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e719bf5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-206d303\" data-id=\"206d303\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-525ce08 elementor-widget elementor-widget-text-editor\" data-id=\"525ce08\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong><u>2. 
Adopt an adversarial perspective<\/u><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-9f647c3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9f647c3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c4b2d17\" data-id=\"c4b2d17\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-52756f8 elementor-widget elementor-widget-text-editor\" data-id=\"52756f8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo defend against the attacker, you must\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/IoT-Cybersecurity-Improvement-Act-of-2017-The-pros-and-cons-from-a-hacker\" rel=\"noopener\">think like the attacker<\/a>. 
Effective security organizations recognize this truism and attempt to apply it in a handful of ways.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-7e66528 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7e66528\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8b981bf\" data-id=\"8b981bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3cd05f4 elementor-widget elementor-widget-text-editor\" data-id=\"3cd05f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>a. 
Understand your threat model<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-1b8dd00 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1b8dd00\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-428856f\" data-id=\"428856f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3411afc elementor-widget elementor-widget-text-editor\" data-id=\"3411afc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tNo system is ever going to be completely resilient against every attacker and every attack. However, by focusing on the adversaries that an organization is most concerned with, in the context of the assets the organization wishes to protect and the attack surfaces against which an adversary launches malicious campaigns, organizations can design and deploy security programs that are more effective against the most concerning type of threats. 
Threat modeling is the exercise effective security organizations go through to define assets, adversaries and attack surfaces, with the aim of optimizing their defenses.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-5a35761 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5a35761\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4036aaf\" data-id=\"4036aaf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d81e54a elementor-widget elementor-widget-text-editor\" data-id=\"d81e54a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define the assets to protect,<\/li>\n \t<li>Define the adversaries to defend against,<\/li>\n \t<li>Define the attack surfaces, against which abuse and misuse cases can be deployed,<\/li>\n \t<li>Communicate the threat model across all internal and external stakeholders, and<\/li>\n \t<li>Update the threat model frequently.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-5147094 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" 
data-id=\"5147094\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-d46fbe0\" data-id=\"d46fbe0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-5b269a9 elementor-widget elementor-widget-text-editor\" data-id=\"5b269a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>b. Understand your trust model<\/strong>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-b6fbf17 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b6fbf17\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b178dbe\" data-id=\"b178dbe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1b62d1d elementor-widget elementor-widget-text-editor\" data-id=\"1b62d1d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAn inverse to the threat model, a trust model is an exercise through which an organization defines\u00a0<em>who<\/em>\u00a0it 
trusts,\u00a0<em>why<\/em>\u00a0it trusts that person and\u00a0<em>how<\/em>\u00a0trust is provisioned and validated. All organizations must be able to trust certain\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/Developing-digital-trust-in-the-IoT-era\" rel=\"noopener\">internal and external parties<\/a>\u00a0in order to execute on the business and functional needs; the trust model empowers the organization to do so while adequately understanding and mitigating risk that is associated with allocating such trust.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-d3b26cd elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d3b26cd\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-eff5863\" data-id=\"eff5863\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8fd68a8 elementor-widget elementor-widget-text-editor\" data-id=\"8fd68a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define who you trust,<\/li>\n \t<li>Define why you trust that person, and<\/li>\n \t<li>Outline a process for provisioning trust, including how to ascertain authentication, authorization and access control, while also considering privilege 
revocation.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-48fa5b1 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"48fa5b1\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f105e85\" data-id=\"f105e85\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fbc0a67 elementor-widget elementor-widget-text-editor\" data-id=\"fbc0a67\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>c. 
Understand how modern adversaries operate<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-f4bf744 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"f4bf744\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fed2a3f\" data-id=\"fed2a3f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-61f6d73 elementor-widget elementor-widget-text-editor\" data-id=\"61f6d73\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tMost modern organizations adopt security models defined by the premise of keeping attackers on the outside of rigid perimeter defenses. However, the concept of a defined perimeter is outdated, and modern adversaries typically do not attack perimeter defenses directly. Instead, modern adversaries typically attempt to exploit trust and access in the supply chain, through stepping-stone attacks. This attack model is notoriously effective in an IoT context, where deployments tend to be overly permissive with trust and so unwittingly enable such attack vectors. 
Effective security organizations understand this attack model and implement defense mechanisms accordingly.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-0ceb003 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0ceb003\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5d7e138\" data-id=\"5d7e138\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6ed94da elementor-widget elementor-widget-text-editor\" data-id=\"6ed94da\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Consider stepping stone attack methodologies,<\/li>\n \t<li>Review integrations for potential harm in event of successful exploitation of third-party trust and\/or access, and<\/li>\n \t<li>Perform effective security assessments.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-b164c69 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b164c69\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div 
class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3f9d37d\" data-id=\"3f9d37d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d7b13c5 elementor-widget elementor-widget-text-editor\" data-id=\"d7b13c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>d. Perform security assessments best aligned with your goals<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-7198229 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7198229\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e4403dc\" data-id=\"e4403dc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-10b7462 elementor-widget elementor-widget-text-editor\" data-id=\"10b7462\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIt goes without saying that most or all organizations should pursue security assessments to investigate for security flaws, which should then be remediated. 
Implicit in this concept, however, is that organizations must also understand\u00a0<em>what<\/em>\u00a0they want to accomplish with a\u00a0<a href=\"http:\/\/searchsecurity.techtarget.com\/tip\/Best-practices-for-an-information-security-assessment\" rel=\"noopener\">security assessment<\/a>\u00a0and\u00a0<em>why<\/em>\u00a0that is important. For some organizations, a commodity-level, low-intensity, automated penetration test will be sufficient to satisfy their security needs. For others, more thorough approaches, such as manual white box security assessments, will be more appropriate. Effective organizations understand the distinction and apply appropriate methodologies accordingly.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-2117c61 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2117c61\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-626d2bf\" data-id=\"626d2bf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7c5ebb7 elementor-widget elementor-widget-text-editor\" data-id=\"7c5ebb7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Define objectives for security assessment, in accordance with their defined threat model and trust model;<\/li>\n \t<li>Understand that different methodologies are 
best suited for different objectives and their correlating outcomes;<\/li>\n \t<li>Vet partners for security pedigree, including contributions to security research, talks and technical capabilities; and<\/li>\n \t<li>Invest appropriate financial and manpower resources.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-1d47716 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1d47716\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4386e6a\" data-id=\"4386e6a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eaf4894 elementor-widget elementor-widget-text-editor\" data-id=\"eaf4894\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong>e. 
Understand the role of compliance<\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-6c3bfe9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6c3bfe9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f155e3f\" data-id=\"f155e3f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-360b9d4 elementor-widget elementor-widget-text-editor\" data-id=\"360b9d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tMost organizations are likely to face some element of a compliance framework somewhere across their own organizational needs or the needs of their customers. Depending on the framework, compliance typically does an adequate job of establishing the baseline requirements for the foundation of a security program. However, compliance should not be seen as the entire security program unto itself. 
Effective security organizations recognize the\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/IoT-and-regulatory-compliance-The-value-in-a-contextual-perimeter\" rel=\"noopener\">role of compliance<\/a>\u00a0as being important to satisfying stakeholder needs, but will go beyond the outlined minimum if delivering a robust security posture is important.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-eaca457 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"eaca457\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f14831\" data-id=\"1f14831\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-46d21fe elementor-widget elementor-widget-text-editor\" data-id=\"46d21fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Identify which compliance frameworks are important to the organization and why;<\/li>\n \t<li>Define what a successful outcome of the security model looks like; and<\/li>\n \t<li>Define the delta between compliance and the desired outcome, and mobilize accordingly.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section 
elementor-element elementor-element-dfad591 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"dfad591\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2134e9e\" data-id=\"2134e9e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1de9739 elementor-widget elementor-widget-heading\" data-id=\"1de9739\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Privacy: Ways of thinking<\/strong><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-ce80722 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ce80722\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-26bb71d\" data-id=\"26bb71d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9f029c2 elementor-widget elementor-widget-text-editor\" data-id=\"9f029c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tMerriam-Webster Dictionary defines privacy as \u201cfreedom from intrusion,\u201d yet in a modern context, the application of the term has come to be more about individuals deciding who has access to their data \u2014 a concept around which regulators and activists are rallying. To best protect both end users and the companies that accumulate their data, privacy should be considered from the outset, so as to best integrate well-reasoned decisions about privacy into all subsequent business decisions. Here are a handful of strategies for how to think about privacy in an IoT context:\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-30d9810 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"30d9810\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9037291\" data-id=\"9037291\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8f77a13 elementor-widget elementor-widget-text-editor\" data-id=\"8f77a13\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong><u>1. 
Consider privacy a leadership issue<\/u><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-69c8093 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"69c8093\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-529890a\" data-id=\"529890a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-659b834 elementor-widget elementor-widget-text-editor\" data-id=\"659b834\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tAs with any domain across the business, what the executive leadership prioritizes is what flourishes. From the standpoint of the marketplace, the industry and, in many cases, regulators, a well-designed approach to privacy is an expectation for leaders to deliver. 
Well-defined\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/blog\/IoT-Agenda\/Regulation-for-IoT-security-and-data-privacy\" rel=\"noopener\">privacy policies<\/a>\u00a0are core to an organization making strategic business decisions that protect customers and do not unnecessarily expose the company to risk.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-1e78397 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1e78397\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e391bff\" data-id=\"e391bff\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-85cddf8 elementor-widget elementor-widget-text-editor\" data-id=\"85cddf8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Engage senior management in developing a privacy approach,<\/li>\n \t<li>Create a plan for how to design and implement privacy,<\/li>\n \t<li>Establish a way to measure success,<\/li>\n \t<li>Educate and continually train your employees, and<\/li>\n \t<li>Institute oversight of privacy policy.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element 
elementor-element-0019fee elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0019fee\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c118bed\" data-id=\"c118bed\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2cc3cf1 elementor-widget elementor-widget-text-editor\" data-id=\"2cc3cf1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong><u>2. Consider data collection<\/u><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-9cfcadc elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9cfcadc\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-81dab29\" data-id=\"81dab29\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-899fffb elementor-widget elementor-widget-text-editor\" data-id=\"899fffb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOrganizations 
benefit from various types of data that can be collected from their customers and users, including by discovering emerging trends, better serving the customer and uncovering new revenue streams. However, with such collection of data comes some risk of regulatory issues in some cases and brand damage issues in other cases. As such, organizations should think carefully about the kinds of data they want to collect and why they want to collect that data, and make informed decisions about the value of\u00a0<a href=\"http:\/\/internetofthingsagenda.techtarget.com\/feature\/The-fine-line-between-IoT-data-collection-and-privacy\" rel=\"noopener\">collecting the data<\/a>\u00a0versus the potential reputational and financial impacts of violating privacy later as a result of possession of that data.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-b456c11 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b456c11\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ff903ed\" data-id=\"ff903ed\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3a514e1 elementor-widget elementor-widget-text-editor\" data-id=\"3a514e1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Clearly inform the individuals about the purpose for which data 
will be collected, used or disclosed and obtain their consent in writing;<\/li>\n \t<li>Provide choice. The best model is to require individuals to opt-in to be granted access to their data, but at least offer them the ability to opt-out;<\/li>\n \t<li>If you collect personal data from third parties, ensure the third party has obtained consent from the individuals to disclose it for your intended purpose; and<\/li>\n \t<li>Identify what kind of and how much personal information your organization handles.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-bf131f4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"bf131f4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-bb98282\" data-id=\"bb98282\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-796b229 elementor-widget elementor-widget-text-editor\" data-id=\"796b229\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<strong><u>3. 
Consider data usage<\/u><\/strong>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-7642d7e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7642d7e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3d30010\" data-id=\"3d30010\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2f5452 elementor-widget elementor-widget-text-editor\" data-id=\"a2f5452\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOnce an organization possesses data, the organization now must consider how it will use that data and how it will safeguard the data. To ensure the latter, organizations should consider the many elements introduced previously in this analysis pertaining to security. 
To ensure the former, organizations should have a well-defined approach to data usage that considers how to best achieve the desired outcome of obtaining and using the data in consideration of the potential risks that such data usage introduces.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-144ecde elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"144ecde\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8283cb0\" data-id=\"8283cb0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ee8f777 elementor-widget elementor-widget-text-editor\" data-id=\"ee8f777\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tTo be effective in this domain, organizations should:\n<ul>\n \t<li>Ensure that the purposes for which you obtained consent to collect personal data are indeed the only ones for which that data is used;<\/li>\n \t<li>Ensure that any changes in the disclosure and use of the personal data collected receive a new and separate consent in writing;<\/li>\n \t<li>From legal, regulatory and common-sense industry perception standpoints, understand your organization\u2019s obligations and risks as they pertain to how you intend to use data collected; and<\/li>\n \t<li>Ensure that there is a formal procedure in place to handle requests for access to personal data, including 
their purpose, an evaluation of their data security measures, storage locations, access rights (individuals and other companies) and disposal mechanisms.<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-48888c9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"48888c9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f65dbe0\" data-id=\"f65dbe0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c7233b6 elementor-widget elementor-widget-heading\" data-id=\"c7233b6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><strong>Call to action<\/strong><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-cf53425 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"cf53425\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8d5a672\" data-id=\"8d5a672\" data-element_type=\"column\" 
data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-95ba71b elementor-widget elementor-widget-text-editor\" data-id=\"95ba71b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIoT is often considered to be such an innovative and disruptive technology migration that many consider it to be something completely new, like nothing ever seen before. In some ways, that is true \u2014 at least from an innovation perspective. But from a security perspective, and from a privacy perspective, the challenges that IoT vendors and buyers face are the same that have afflicted the many technology migrations that have preceded IoT. Hopefully by considering some of the approaches outlined in this article, buyers and vendors can best address these challenges to ensure that IoT is adopted in a manner that effectively integrates attack resiliency and privacy protections.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Ready to learn Internet of Things? 
Browse courses\u00a0like\u00a0Cyber Security for the IoT developed by industry thought leaders and Experfy in Harvard Innovation Lab. As we enter a new year \u2014 a year in which IoT is expected to continue its\u00a0explosive adoption trend\u00a0\u2014 it is important to continue to be mindful of the basic tenets of how<\/p>\n","protected":false},"author":215,"featured_media":3320,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[93],"ppma_author":[1741],"class_list":["post-605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-internet-of-things"],"authors":[{"term_id":1741,"user_id":215,"is_guest":0,"slug":"ted-harrington","display_name":"Ted Harrington","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","user_url":"","last_name":"Harrington","first_name":"Ted","job_title":"","description":"Ted Harrington is Executive Partner at Independent Security Evaluators, the elite organization of security researchers and consultants widely known for being the first company to hack the iPhone. Mr. 
Harrington has been named both Executive of the Year and 40 Under 40, and he is one of the organizers of popular hacking concept IoT Village. He is a Boston Marathon finisher."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/215"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=605"}],"version-history":[{"count":6,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/605\/revisions"}],"predecessor-version":[{"id":37783,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/605\/revisions\/37783"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/3320"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=605"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}