Extending the IIC IoT Security Maturity Model to Trustworthiness
Sub-Domains and Practices are generic enough to cover various trustworthiness aspects, and in other cases, additional Sub-Domains and Practices specific to other trustworthiness aspects may be required by different organizations to address their needs.
addressing the joint assurance of two or more characteristics for the system in a changing environment are currently being developed¹¹.
Considering both comprehensiveness levels and implementation considerations in the context of the IoT Security Maturity Model should help advance the maturity of trustworthiness in systems by addressing all the aspects together with their interactions.
Governance - establishing and ensuring the implementation of policies - is appropriate to all aspects of trustworthiness as well as trustworthiness as a whole. The Strategy and Governance subdomain defined in the Governance Domain is relevant to trustworthiness, including program management and compliance management. The Governance Domain also includes Threat Modeling and Risk Assessment as well as Supply Chain and Dependencies Management. If threat modeling is broadened to include hazards, it may also apply to safety as well as security, for example.
EXTENDING THE MODEL HIERARCHY TO TRUSTWORTHINESS
The previous section outlined how comprehensiveness and scope are applicable to trustworthiness. As trustworthiness includes security, it makes sense to