Rolling Meadows, IL, USA (27 January 2015)—As connected devices infiltrate the workplace—some with IT’s knowledge and some without—both value and risk can increase significantly. Global IT association ISACA has released new guidance urging companies to ask nine critical questions as they grapple with the Internet of Things (IoT).
ISACA recommends companies address:
- How will the device be used from a business perspective, and what business value is expected?
- What threats are anticipated, and how will they be mitigated?
- Who will have access to the device, and how will their identities be established and proven?
- What is the process for updating the device in the event of an attack or vulnerability?
- Who is responsible for monitoring new attacks or vulnerabilities pertaining to the device?
- Have risk scenarios been evaluated and compared to anticipated business value?
- What personal information is collected, stored and/or processed by the IoT device?
- Do the individuals whose information is being collected know that it is being collected and used, and have they given consent?
- With whom will the data be shared?
These questions are particularly critical given that 43 percent of enterprises are leveraging IoT already, or have plans to do so in 2015, according to ISACA’s IT Risk/Reward Barometer survey.
“Connected devices are everywhere—from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said Robert Stroud, CGEIT, CRISC, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Often, organizations can be using IoT without even realizing it—which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.”
ISACA’s free “Internet of Things: Risk and Value Considerations” guide was released today as a free download at www.isaca.org/internet-of-things. The paper includes dos and don'ts for the IoT, and outlines the types of risks organizations must consider. The guide is the first in a series of IoT papers that will address security, privacy, compliance and assurance issues.
With more than 115,000 constituents in 180 countries, ISACA (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
Kristen Kessinger, +1.847.660.5512, [email protected]
Joanne Duffer, +1.847.660.5564, [email protected]