Radanliev Petar, De Roure David, Maple Carsten, Nurse Jason R C, Nicolescu Razvan, Ani Uchenna
Department of Computer Science, University of Oxford, Oxford, United Kingdom.
Department of Computer Science, School of Computing and Engineering, Huddersfield University, Huddersfield, United Kingdom.
Front Big Data. 2024 Oct 10;7:1402745. doi: 10.3389/fdata.2024.1402745. eCollection 2024.
Internet-of-Things (IoT) refers to low-memory connected devices used in various new technologies, including drones, autonomous machines, and robotics. The article aims to understand better cyber risks in low-memory devices and the challenges in IoT risk management. The article includes a critical reflection on current risk methods and their level of appropriateness for IoT. We present a dependency model tailored in context toward current challenges in data strategies and make recommendations for the cybersecurity community. The model can be used for cyber risk estimation and assessment and generic risk impact assessment. The model is developed for cyber risk insurance for new technologies (e.g., drones, robots). Still, practitioners can apply it to estimate and assess cyber risks in organizations and enterprises. Furthermore, this paper critically discusses why risk assessment and management are crucial in this domain and what open questions on IoT risk assessment and risk management remain areas for further research. The paper then presents a more holistic understanding of cyber risks in the IoT. We explain how the industry can use new risk assessment, and management approaches to deal with the challenges posed by emerging IoT cyber risks. We explain how these approaches influence policy on cyber risk and data strategy. We also present a new approach for cyber risk assessment that incorporates IoT risks through dependency modeling. The paper describes why this approach is well suited to estimate IoT risks.
物联网(IoT)指的是用于各种新技术的低内存连接设备,包括无人机、自主机器和机器人技术。本文旨在更好地理解低内存设备中的网络风险以及物联网风险管理中的挑战。文章对当前的风险方法及其对物联网的适用性水平进行了批判性反思。我们提出了一种针对数据策略当前挑战量身定制的依赖模型,并为网络安全社区提出建议。该模型可用于网络风险估计与评估以及一般风险影响评估。该模型是为新技术(如无人机、机器人)的网络风险保险而开发的,但从业者也可将其应用于估计和评估组织和企业中的网络风险。此外,本文批判性地讨论了为何风险评估和管理在该领域至关重要,以及物联网风险评估和风险管理方面仍有哪些开放性问题有待进一步研究。然后,本文对物联网中的网络风险提出了更全面的理解。我们解释了该行业如何利用新的风险评估和管理方法来应对新兴物联网网络风险带来的挑战。我们解释了这些方法如何影响网络风险政策和数据策略。我们还提出了一种通过依赖建模纳入物联网风险的网络风险评估新方法。本文描述了为何这种方法非常适合估计物联网风险。
