- From: Mccool, Michael <michael.mccool@intel.com>
- Date: Fri, 18 Aug 2017 01:38:03 +0000
- To: Peter Saint-Andre - Filament <peter@filament.com>
- CC: David Rogers <david.rogers@copperhorse.co.uk>, "public-wot-ig@w3.org" <public-wot-ig@w3.org>
Thanks, I had the IIC one in the list of references already. It's an excellent reference, but specifically for industrial use cases (and, with a bit of a stretch, to municipal and institutional use cases). I also like that it specifically addresses the issue of combined security and safety engineering. The main hole we have, I think, is a reference for smart home use cases. Michael > On Aug 18, 2017, at 6:50, Peter Saint-Andre - Filament <peter@filament.com> wrote: > > The IIC IoT Security Framework is quite good: > > http://www.iiconsortium.org/pdf/IIC_PUB_G4_V1.00_PB-3.pdf > > UL 2900-2-2 is excellent but paywalled. > > And there's a big list here: > > https://www.schneier.com/blog/archives/2017/02/security_and_pr.html > > Peter > >> On 8/17/17 2:29 AM, Mccool, Michael wrote: >> Thanks! I was aware of the second and third ones on your list (and will >> confirm they are kisted as references) but will look at your other >> collection. The book I cited also has a bunch of references but from 2015. >> >> I'm also aware of the bill proposed in the US Senate but its still just >> a bill, so... >> >> Michael McCool, Principal Engineer, Intel >> SSG/DPD/Technology Pathfinding and Innovation >> >> On Aug 17, 2017, at 15:44, David Rogers <david.rogers@copperhorse.co.uk >> <mailto:david.rogers@copperhorse.co.uk>> wrote: >> >>> Hi, >>> >>> A list here (which I need to >>> update): http://blog.mobilephonesecurity.org/2016/11/iot-security-resources.html >>> >>> IoT Security Foundation Best Practices - 1.1 being launched >>> shortly: https://iotsecurityfoundation.org/best-practice-guidelines/ >>> >>> Also checkout the GSMA IoT security >>> guidelines: https://www.gsma.com/iot/future-iot-networks/iot-security-guidelines/ >>> >>> Cheers, >>> >>> >>> David. >>> >>> >>> >>> Sent from my mobile >>> >>> -------- Original message -------- >>> From: "Mccool, Michael" <michael.mccool@intel.com >>> <mailto:michael.mccool@intel.com>> >>> Date: 17/08/2017 04:03 (GMT+01:00) >>> To: public-wot-ig@w3.org <mailto:public-wot-ig@w3.org> >>> Subject: References for "best practices" in IoT security needed >>> >>> I've been looking for references on "best practices" in IoT security. >>> Ideally these would be standards we could cite or practices adopted or >>> required by major organizations (eg large companies or governments). >>> >>> While the following is not a standard (unfortunately), and I haven't >>> yet read through the whole thing, the following book is proving to be >>> pretty useful. In particular, it highlights the interaction of safety >>> and security in IoT, something which is not necessarily a factor in >>> other cybersecurity contexts: >>> >>> Practical Internet of Things Security https://g.co/kgs/MSw7Yz >>> >>> At the same time, we DO still need better "anchor" citations from >>> standards bodies or similar organizations we can use for best practice >>> security recommendations *in IoT*. If anyone on this list has >>> suggestions, please give them. >>> >>> We do have an existing set of references under the main github site. >>> >>> Michael McCool >>> >>> > >
Received on Friday, 18 August 2017 01:38:32 UTC