It is generally agreed that the development and deployment of a large number of IoT devices throughout the world has revolutionized our lives: we can rely on these devices to complete certain tasks that may not have been possible just years ago, which has also brought a new level of convenience and value to our lives.
In a smart home environment, this technology allows us to remotely control doors, windows, and fridges, purchase online, stream music easily with voice assistants such as Amazon Echo Alexa, and close a garage door from anywhere in the world, to cite some examples. It has added value to several domains, ranging from household environments to cities and industries, by exchanging and transferring data between these devices and customers. Many of these devices' sensors collect and share information in real time, which enables us to make important business decisions.
However, these devices pose some risks as well as security and privacy challenges that need to be addressed before they can reach their full potential or be considered secure. That is why comprehensive risk analysis techniques are essential to enhance the security posture of IoT devices: they can help evaluate robustness and reliability with respect to the risks and vulnerabilities that IoT devices in a smart home setting might possess.
This approach is based on the ISO/IEC 27005 methodology and the risk matrix method to highlight the level of risk, impact, and likelihood that an IoT device in a smart home setting can have, map the related vulnerabilities, threats and risks, and propose the necessary mitigation strategies or countermeasures that can be taken to secure a device and thereby satisfy some security principles. Around 30 risks were identified on Amazon Echo and the related IoT system using the methodology. A detailed list of countermeasures is proposed as a result of the risk analysis. These results, in turn, can be used to elevate the security posture of the device.
As information technology continues to advance at a rapid speed around the world, new difficulties emerge. The growing number of organizational vulnerabilities is among the most important issues. Finding and mitigating vulnerabilities is critical in order to protect an organization’s environment from multiple attack vectors.
The study investigates and comprehends the complete vulnerability management process from the standpoint of the security officer job role, as well as potential improvements. Few strategies are used to achieve efficient mitigation and the development of a process for tracking and mitigating vulnerabilities. As a result, a qualitative study is conducted in which the objective is to create a proposed vulnerability and risk management process, as well as to develop a system for analyzing and tracking vulnerabilities and presenting the vulnerabilities in a graphical dashboard format. This thesis's data was gathered through an organized literature study as well as through the use of various web resources. We explored numerous approaches to analyze the data, such as categorizing the vulnerabilities every 30, 60, and 90 days to see whether the vulnerabilities were reoccurring or new. According to our findings, tracking vulnerabilities can be advantageous for a security officer.
We come to the conclusion that if an organization has a proper vulnerability tracking system and vulnerability management process, it can aid security officers in having a better understanding of and making plans for reducing vulnerabilities. In terms of system patching and vulnerability remediation, it will also assist the security officer in identifying areas of weakness in the process. As a result, the suggested ways provide an alternate approach to managing and tracking vulnerabilities in an effective manner, although there is still a small area that needs additional analysis and research to make it even better.
As part of this thesis, a risk identification and risk assessment of the KRITIS sector Transport and Traffic was carried out following the procedure of BSI-Standard 200-3. In addition, the importance of this sector for the German economy, digitalization in this sector, and the functioning, application and vulnerabilities of cyber-physical systems were presented. An excerpt of an operational process of a fictitious company in the Transport and Traffic sector served as the use case.