Extending the IIC IoT Security Maturity Model to Trustworthiness
Figure 1: IoT Security Maturity Model Hierarchy
There are two dimensions to the evaluation
of the security maturity. They are
comprehensiveness and scope.
There are five comprehensiveness levels for
every security Domain, Sub-Domain and
Practice, from Level 0 to Level 4 (None,
Minimum, Ad hoc, Consistent and
Formalized), with larger numbers indicating
a higher degree of comprehensiveness of
security controls. Each comprehensiveness
level sets out new requirements while also
including all of the requirements of the
lower levels. The Security Maturity Model
describes Levels 1 to 4 but not Level 0 since
that level does not set any requirements.
Comprehensiveness
Comprehensiveness captures the degree of
depth, consistency and assurance of security
measures that support security maturity. For
example, a higher level of
comprehensiveness of threat modeling
implies a more automated, systematic and
extensive approach.
September 2018