A Study of K-ISMS Fault Analysis for Constructing Secure Internet of Things Service

Although Internet of Things (IoT) technologies and services are being developed rapidly worldwide, concerns of potential security threats such as privacy violation, information leak, and hacking are increasing as more various sensors are connected to the Internet. There is a need for the study of introducing risk management and existing security management standard (e.g., ISO27001) to ensure the stability and reliability of IoT services. K-ISMS is a representative certification system that evaluates the security management level of the enterprise in Korea and is possible to apply as a standardized process to enhance the security management of IoT services. However, there are growing concerns about the quality deterioration of the K-ISMS certification assessment these days because of internet security incidents occurring frequently in K-ISMS certified enterprises. Therefore, various researches are required to improve the accuracy and objectivity of the certification assessment. Since existing studies mainly focus on simple statistical analysis of the K-ISMS assessment results, analysis on the cause of certification assessment fault based on past data analysis is insufficient. As a method of managing the certification inspection quality, in this paper, we analyze the association among the fault items of the K-ISMS certification assessment results using association rule mining which involves identifying an association rule among items in the database

Exploring Security, Privacy, and Reliability Strategies to Enable the Adoption of IoT

The Internet of things (IoT) is a technology that will enable machine-to-machine communication and eventually set the stage for self-driving cars, smart cities, and remote care for patients. However, some barriers that organizations face prevent them from the adoption of IoT. The purpose of this qualitative exploratory case study was to explore strategies that organization information technology (IT) leaders use for security, privacy, and reliability to enable the adoption of IoT devices. The study population included organization IT leaders who had knowledge or perceptions of security, privacy, and reliability strategies to adopt IoT at an organization in the eastern region of the United States. The diffusion of innovations theory, developed by Rogers, was used as the conceptual framework for the study. The data collection process included interviews with organization IT leaders (n = 8) and company documents and procedures (n = 15). Coding from the interviews and member checking were triangulated with company documents to produce major themes. Through methodological triangulation, 4 major themes emerged during my analysis: securing IoT devices is critical for IoT adoption, separating private and confidential data from analytical data, focusing on customer satisfaction goes beyond reliability, and using IoT to retrofit products. The findings from this study may benefit organization IT leaders by enhancing their security, privacy, and reliability practices and better protect their organization\u27s data. Improved data security practices may contribute to social change by reducing risk in security and privacy vulnerabilities while also contributing to new knowledge and insights that may lead to new discoveries such as a cure for a disease