Abstract
Purpose
Internet of Things (IoT) interconnects many heterogeneous devices to each other, collecting and processing large volumes of data for decision making without human intervention. However, the information security concern it brings has attracted quite a lot of attention, and, at this stage, the smart step would be to analyze the security issues of IoT platform and get to the state of readiness before embarking upon this attractive technology. The purpose of this paper is to address these issues.
Design/methodology/approach
IoT risk assessment through the application of the analytical hierarchy process (AHP), a favorite multi-criteria decision making technique, is proposed. The IoT risks are prioritized and ranked at different layers, before which a well-defined IoT risk taxonomy is defined comprising of 25 risks across six layers of the IoT model for developing control and mitigation plans for information security of IoT.
Findings
People and processes layer, network layer and applications layer are the top three critical layers with risks like the lack of awareness, malware injection, malicious code injection, denial of service and inefficient policies for IoT practice get the highest priority and rank. Pareto analysis of the overall risk factors revealed that the top ten factors contribute to 80 percent of the risks perceived by information security experts.
Research limitations/implications
The study focuses only on certain predefined constructs or layers of the IoT model traced from legacy studies. It is essential to re-look these constructs on a timely basis to prolong the results’ validity. The study’s empirical scope is confined only to the risk perception of select IoT experts and does not encompass a broader segment of the IoT ecosystem. Therefore, the risks assessment may not be sweeping to a bigger audience.
Practical implications
The study implications are two-fold: one it consolidates the earlier siloed works to intensify the need for risk assessment in the IoT domain, and second the study brings yet another contextual avenue of extending the application AHP and Pareto principle combination. The paper also draws specific critical organizational interventions about IoT risks. A comprehensive approach to prioritizing and ranking IoT risks are present in this research paper.
Originality/value
The contribution of this study to the benchmarking of IoT risk assessment is two-fold. One, a comprehensive risk assessment taxonomy is proposed, and two, the risks are prioritized and ranked to give a convincing reference for the organizations while making information security plans for IoT technology.
Subject
Business and International Management,Strategy and Management
Cited by
14 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献