IIC Journal of Innovation 9th Edition | Page 112

Extending the IIC IoT Security Maturity Model to Trustworthiness
Security Maturity Model itself. This would make sense when changes are generally applicable. Both approaches could be followed simultaneously.
APPLYING COMPREHENSIVENESS AND SCOPE TO TRUSTWORTHINESS
Both comprehensiveness and scope are widely applicable maturity model concepts that can be applied to all aspects of trustworthiness. For example, privacy by design and default within an entire organization is a different level of maturity than privacy considered only within a department of an organization. An in-depth privacy program taking into account medical-specific concerns is different than a generic program.
The IoT Security Maturity Model concept of comprehensiveness levels can be enhanced for trustworthiness as follows:
Level 1, Minimum. Trustworthiness can be addressed at this level by noting that general concerns related to trustworthiness aspects beyond security are considered. These aspects represent general concerns such as “we need this equipment to be reliable, safe and to provide enough security features,” “we need for this component to be safe and have system resilience in the case of security attacks” and “we have to make the service secure and take care to protect privacy.”
Level 2, Ad hoc. Trustworthiness can be considered at this level with separate cases demonstrating how trustworthiness aspects either support or detract from each other.
Level 3, Consistent. Trustworthiness is addressed systematically at this level with the application of methods, best practices and standards. This facilitates a consistent approach toward the implementation of required trustworthiness aspects, taking into account the complexity of the interactions. Metrics are used as appropriate.
Level 4, Formalized. Trustworthiness is supported at this level with assurance cases to establish confidence in the system for organization needs. Support for trustworthiness is continuously evaluated, improved and harmonized among the aspects.
Understanding and managing the interactions of trustworthiness aspects can be difficult. Stakeholders can identify the interactions of trustworthiness aspects by examining use cases. For example, updating the anti-malware databases on a SCADA server affects the continuous control process execution at a production line with a probable negative impact on process safety.
Scope can also be useful in understanding and managing the interaction of trustworthiness aspects, since it is about the industry or system specifics needed to make tradeoffs among trustworthiness aspects. The following considerations may help in revealing the interactions of trustworthiness aspects, to anticipate and mitigate undesirable interactions, and to take advantage of the aspects supporting each other:
September 2018 - 107 -