Research Arrow to Content

Internet of Things

IoT devices represent a wide variety of non-traditional devices that are increasingly implemented in organizations due to the numerous benefits. These unique devices often pose a security challenge due to the limited size and lack of innate security making them difficult to secure with traditional security controls and methodologies. It is a combination of these factors that has rendered many devices vulnerable to attacks like the Mirai botnet. The IoT Working Group’s mission is dedicated to understanding relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their IoT ecosystem. This includes outlining best practices for securing IoT implementations, identifying gaps in standards coverage for IoT security, and identifying threats to IoT devices and implementations.


Businesses are now requiring a stronger collaboration between the development, security and operational functions. This addition of security creates DevSecOps. In the past, the security needs were either skipped or only addressed after the deployment of applications, or worse after security vulnerabilities were exploited. Such an approach increased risks to the deployment and contributed towards a more hostile relationship between security and the development and operations teams. DevSecOps focuses on creating a transparent and holistic management approach that leverages the synergies between the development, security and operational functions, making way towards a proactive and agile security stance. By addressing cultural changes within the work force and adhering to a new combination of tactics, security can become a functioning part across all life cycles and developments.

Cloud Controls Matrix

The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains. The foundations of the Cloud Security Alliance Controls Matrix rest on its customized relationship to other industry-accepted security standards, regulations, and controls frameworks such as the ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum and NERC CIP and will augment or provide internal control direction for service organization control reports attestations provided by cloud providers.

Contact here for participating in these working groups.
Victor Monga, CISSP
[email protected]

Page Dividing Line