IoT Systems

Assuring the security of each component within an IoT system is imperative in order to prevent malicious actors from gaining unauthorised access to, or the ability to tamper with, systems and data that form the IoT solution.

Since a typical IoT solution introduces large quantities of new devices and/or embedded components throughout an organisation, it is highly likely to increase the potential cyber security risks within the IoT solution’s deployment. Where the solution is connected to enterprise or ICS/SCADA systems, it might also introduce the additional risk of being used as an attack vector into the organisation’s other critical assets.

RIoT Solutions offers the following levels of cyber security assessment service, so that organisations can select the option that best fits the requirements and budget of each solution requiring a security review:

  • High-level Assessment
  • Detailed Assessment
  • Security Vulnerability Testing

Service: IoT Cyber Security Assessment (High-level)

Description: Review overall security against key IoT vulnerability categories in the OWASP IoT Top 10.

Deliverable: Provide a report with:

  • Identified vulnerabilities, and the resulting risks
  • Prioritised list of recommendations for risk mitigations

Service: IoT Cyber Security Assessment (Detailed)

Description: Review overall security design and the elements of a Protection Architecture for IoT, utilising the Cloud Security Alliance (CSA) reference, Security Guidance for Early Adopters of the IoT.

Deliverable: Provide a report with:

  • Identified security architecture issues, vulnerabilities, and the resulting risks, plus rating against CSA’s list of recommended security controls
  • Prioritised list of recommendations for addressing security architecture weaknesses

Service: IoT Security Vulnerability Testing

Description: Perform vulnerability testing of the supporting infrastructure (devices, hosts, networks and services) of the target IoT solution. Identify, and where safe to do so, exploit vulnerabilities to confirm risk exposure.

Deliverable: Provide a report with:

  • Identified technical vulnerabilities, sample attack / exploitation steps, and the resulting risks
  • Identified effective security controls
  • Prioritised list of recommendations for risk mitigations