As companies increasingly leverage the Internet of Things to improve efficiency, global IT association ISACA has released new guidance for firms grappling with the technology — which can significantly increase both value and risk.
ISACA urges companies to ask nine critical questions as they consider IoT:
- How will the device be used from a business perspective, and what business value is expected?
- What threats are anticipated, and how will they be mitigated?
- Who will have access to the device, and how will their identities be established and proven?
- What is the process for updating the device in the event of an attack or vulnerability?
- Who is responsible for monitoring new attacks or vulnerabilities pertaining to the device?
- Have risk scenarios been evaluated and compared to anticipated business value?
- What personal information is collected, stored and/or processed by the IoT device?
- Do the individuals whose information is being collected know that it is being collected and used, and have they given consent?
- With whom will the data be shared?