IIC Journal of Innovation 7th Edition | Page 54

Evaluating Security of IIoT Testbeds

• Standards and Compliance: Document relevant security standards and compliance requirements.

The various pieces of information collected, as described in this section, are utilized in the security review process captured in the next section.

OBJECTIVES AND SECURITY REVIEW PROCESS

The primary objective of the security review process conducted by the TSCG is to ensure that a testbed considers security at the onset of its design and to provide feedback to the testbed team on whether the security objectives sought by the testbed team appear to be met by the testbed design under review. The process followed by the TSCG for its evaluation is described in the figure below.

1. The Testbed team creates the Testbed presentation outlining the purpose and goals of the Testbed activity and receives related review comments from the Testbed Working Group. This presentation is shown as input to the first step in Figure 2.
2. The Testbed team creates and provides the security profile, with the help of the testbed security profile guidelines and the questionnaire.
3. The Testbed team schedules a review between the testbed team and the TSCG.
4. The TSCG team meets and discusses the security profile, fills in the gaps of the security profile for the testbed, and schedules a review with the testbed owners.
5. The TSCG team reviews the security profile, asks further questions and provides feedback.
6. The Testbed team updates the security profile according to the feedback provided by the TSCG team.
7. Additional iterations of review with the TSCG may be conducted, if desired by the Testbed team.

Figure 2: The security review process