Extending the IIC IoT Security Maturity Model to Trustworthiness
the fact. This can also apply as mitigations to trustworthiness aspects such as safety hazards, reliability failures, resilience impacts or privacy risks.

There are also some areas related to trustworthiness that can be added to the model. Trustworthiness generally includes a number of practices that reflect the culture of the organization, especially in the aspects of safety and privacy. A new domain, the "Institutional Domain," could address organizational concerns. This is distinct from the Governance Domain since it is about the culture of the organization and the approach and thinking of people, as opposed to policies and guidance from leadership, though the two are related. This is critical for safety and privacy (also for other aspects, but especially these) [13, 14]. It includes practices related to personal attitudes, organizational prioritization and recognition, management leadership and commitment, accountability, employee involvement and consultation, and collaboration.

Some of the Governance Sub-Domains are generic and can apply to other aspects of trustworthiness, such as supply chain management and program management [12]. A slight naming change can accommodate this, for example by renaming "Security Program Management" to "Program Management" and "Product Supply Chain Risk Management" to "Supply Chain Management."

Another important organizational aspect, especially noted in privacy and safety, is the training and management of staff [15, 16]. This is also part of the Institutional Domain, as the "Training" Sub-Domain. It includes training, coaching and mentoring, competency evaluation, etc.

Continuous improvement and learning contribute to maintaining best capabilities for trustworthiness aspects. This
[12] Sanjay Tiku (Microsoft), Michael H. Azarian (University of Maryland, College Park), Michael Pecht (University of Maryland, College Park). Using a Reliability Capability Maturity Model to Benchmark Electronics Companies. International Journal of Quality & Reliability Management, May 2007. DOI: 10.1108/02656710710748394. https://www.researchgate.net/publication/235280160_Using_a_Reliability_Capability_Maturity_Model_to_Benchmark_Electronics_Companies
[13] Patrick Foster, Stuart Hoult. The Safety Journey: Using a Safety Maturity Model for Safety Planning and Assurance in the UK Coal Mining Industry. Minerals 2013, 3, 59-72. DOI: 10.3390/min3010059. https://www.researchgate.net/publication/272661146_The_Safety_Journey_Using_a_Safety_Maturity_Model_for_Safety_Planning_and_Assurance_in_the_UK_Coal_Mining_Industry
[14] Organizing For Reliability: Capability Maturity Model Assessment And Implementation Plans, Executive Summary. May 2015. https://ops.fhwa.dot.gov/docs/cmmexesum/cmmexsum.pdf
[15] Richard A. Caralli. Sustaining Operational Resiliency: A Process Improvement Approach to Security Management. April 2006. https://resources.sei.cmu.edu/asset_files/TechnicalNote/2006_004_001_14672.pdf
[16] Richard A. Caralli, James F. Stevens, Charles M. Wallen, David W. White, William R. Wilson, Lisa R. Young. Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes. May 2007. https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14876.pdf
IIC Journal of Innovation