The Internet of Things Security Institute is a Not for Profit academic and industry body dedicated to providing security frameworks and supporting educational services within an IoT and critical Infrastructure context. Unlike many other Not for Profit organizations the loTSI is not focused on promoting membership dues to drive their success and profits. Nor do we commercialize parts of our framework and insist it is still freely available in the public domain. A dedicated group of people maintains the loTSI. The Framework is offered under a creative commons licence and encourages collaboration and knowledge sharing across the cyber and privacy sectors.
Only through a truly public domain model can challenges facing smart technologies be addressed. The IoTSI Framework is available for free download via the loTSI website.
Why a Framework? The IoTSI believes the loT/IIOT technology sector will provide enormous benefits to society and the individual. However, these
technologies come with considerable challenges. Often privacy concerns and security controls are frequently overlooked or poorly understood. In a rush to maximise commercial opportunities and technological benefits the protection of vital assets and legally enforceable privacy requirements are placed on the back burner. Although many within the smart cities and critical infrastructure acknowledge the security challenges facing such technology they struggle prioritizing their efforts. Admittedly, in an loT world where a camera or building management system (BMS) can potentially launch a cyber- attack and disable a building’s or city’s critical services, understanding the process imperatives of the build, design and deployment stages can be overwhelming. The IoT Security Institute Smart Cities and Critical Infrastructure Framework provides a” Security and Privacy by Design” methodology to address security control requirements. In addition, the Framework is uniquely privacy controls focused. Advisory documentation that does not place privacy management at the core of their data protection process models fail to understand the complexity of IoT security challenges and rely on a limited control set of data protection tools and practices.
Views: 0
