ISO/IEC 27403 Cybersecurity - IoT security and privacy - Guidelines for IoT-domotics [DRAFT]

 

Introduction

Setting the standard for the information security and privacy of IoT things intended for home use is quite a challenge, given the variety of things, home circumstances, security and privacy issues, and controls.


Scope of the standard

“Domotics” is what was originally known as home automation, a.k.a. “smart homes”, where domicile or home means “The private, hence highly customizable area where someone lives, alone or with guests or cohabitants” that “includes dedicated infrastructure aimed to support those individuals, such as healthcare and wellness systems, building control systems, smart metering and systems for entertainment or gaming.”

This standard is aimed at the designers, manufacturers and security/privacy assessors of IoT domotics, rather than at consumers and retail customers.


Content of the standard

TBA


Status

Jan update: the standard is at 3rd Working Draft stage with a revised title (see above).


Personal notes

Rather than simply recommending a set of controls, the standard will describe typical information [security] risks relating to domotics and recommend information security controls to mitigate them, making this a risk-based ISO27k standard.

The main advantage of this approach for users of the standard is that the risks provide the rationale, context or basis for the controls. Helping users to identify and consider the information [security] risks gives them a better appreciation of what the information security controls are required to achieve. Both the risks and the controls in the standard are examples, intended to stimulate users into considering the risks and control requirements in their own contexts.

Particular challenges in the home environment include:

  1. Limited information security awareness and competence among most people.
  2. Ad hoc assemblages of networked IT systems, including things worn or carried about the person (residents and visitors) and work-related things, not just things installed about the home.
  3. IoT devices that are not always designed for security or privacy, since other requirements (such as low price and ease of use) take precedence.
  4. Lack of systems and processes for managing security and privacy at home.
  5. Informality in general: the home is an unstructured and dynamic environment.


Copyright © 2021 IsecT Ltd.