Extending the IIC IoT Security Maturity Model to Trustworthiness
1. Consider the definitions of trustworthiness aspects, identify interactions, and consider how industry definitions impact the scope dimension.

Stakeholders identify the connections between the aspects relying on their definitions. They make assumptions about the situations for which they prioritize one of the aspects over others thus focusing on what is important.

From the scope perspective, sometimes it makes sense to consider the specific definitions for safety, reliability, etc. as accepted in the industry, thus changing the scope from the General to Industry-specific or even to System-specific according to IoT Security Maturity Model Scope scale.

2. Consider implementation methods for trustworthiness aspects, finding common shared implementation opportunities as well as noting incompatible implementation concerns as well as industry or system-specific implementation concerns.

Some aspects, such as security and privacy, may have different objectives but the methods for their implementation (such as encryption or access control) might be the same. In some cases, the methods used to implement one of the aspects will weaken the other one. Care must often be taken to ensure aspects support each other when required, for example, that security methods support and do not diminish safety requirements 8.

From the scope perspective, industry standards may prescribe or restrict the usage of methods and technologies. The specific system may also impose its own constraints. Addressing such constraints will change the scope from General to Industry-specific or to System-specific according to the IoT Security Maturity Model Scope scale.

3. Consider how to apply assurance case approaches to trustworthiness.

Assurance of system trustworthiness as a whole is one of the more complicated problems for the IIoT. The IIC Industrial Internet Security Framework 9 considers assurance for the separate trustworthiness characteristics. The V-model for the development lifecycle 10 traditionally used for systems requiring safety may be adapted for a concomitant security assurance. Advanced approaches

8 ITU-T Y.4806 (11/2017). Security capabilities supporting safety of the Internet of things. http://handle.itu.int/11.1002/1000/13391
9 Industrial Internet of Things. Volume G4: Security Framework. https://www.iiconsortium.org/IISF.htm Industrial Internet Consortium, 2016.
10 Kevin Forsberg and Harold Mooz, "The Relationship of System Engineering to the Project Cycle", in Proceedings of the First Annual Symposium of National Council on System Engineering, October 1991: 57–65.
IIC Journal of Innovation