CIS Controls Releases Internet of Things Companion Guide
Internet of Things (IoT) devices aren't just invading our homes; these smart, connected machines are in the workplace and virtually every other public and private location we visit daily. To help secure this new frontier, CIS (Center for Internet Security, Inc.) is releasing the free CIS Controls Internet of Things Companion Guide to help organizations apply the CIS Controls to the IoT. The CIS Controls are internationally-recognized cybersecurity best practices for defense against common cybersecurity threats. They are used within a variety of industry sectors, and throughout local, state, and federal governments.
The new IoT guide helps organizations implement consensus-developed best practices using Version 7.1 of the CIS Controls, taking into consideration the unique environment and challenges posed by IoT technology.
Security Challenges for IoT
IoT devices include smart speakers, security cameras, door locks, window sensors, thermostats, headsets, watches, and more – all devices that may be integrated into a typical business IT environment, sometimes without the organization's knowledge. Employees often purchase devices, bring them to work, and connect them to the company network sans authorization from an IT administrator. This creates serious challenges from an asset management, vulnerability management, and governance perspective.
There are many legitimate use cases for IoT in the workplace. The CIS Controls companion guide focuses on security-related factors that should be analyzed before a purchase is made. These include the ability to manage authentication credentials (e.g., change a password, enable 2-factor authentication), encrypt network traffic, and receive software updates. A major factor of IoT is making sure devices are outfitted with all necessary security features before the purchase is made, as embedded devices don't get new functionality over time.
Related Articles
Customer and Agent interactions ensure data quality in training AI-based system to achieve high customer response accuracy.
02 Jul 2019