Using Metrics in the Industrial IoT Value Chain to Drive Trustworthiness
Compliance with any prevailing regulations
is a baseline trustworthiness consideration,
but there may be benefits from going
beyond minimum compliance (as discussed
in the “Trustworthiness from a Business
Perspective” section of this article). Figure 3
illustrates how the current state of
trustworthiness aspect may be positioned
with respect to a minimum compliance level
versus a target state determined by business
considerations. This is a sample illustration –
actual data will depend on the specifics of
the business situation.
make decisions. Such an approach is less well
suited to addressing low frequency and high
impact events (for example flooding risks in
certain locations where floods are a rare and
unexpected event). Thus investment
decisions should not be based solely on
quantitative analysis but also should include
judgments and investments based on an
understanding of high impact events. Care
must be taken that both the data and the
analysis used to make decisions are
appropriate and that the confidence in the
data quality and analysis is appropriate to
the concerns. The analysis
should take into account
operational goals and their
corresponding
metrics,
financial and other targets, risk
metrics and trustworthiness
considerations.
Risks of various types,
including security risks, safety
hazards, natural events and
privacy risks (among others)
can be mitigated through
organizational changes (e.g.,
training staff) as well as
technology deployment (for
example, deploying identity
management
processes).
Figure 3: Kiviat diagram illustrating Minimum, Current and Target states of
Other
traditional
risk
Trustworthiness Aspects for an IIoT system
management approaches may
also be used, such as purchasing insurance,
Decisions
on
investing
in
real
that effectively transfers risk. Risks may also
trustworthiness options can be based on a
be accepted as a necessary component of an
structured analysis of scenarios based on the
overall business, but this should only be
risks and consequences. Such analysis works
done if the consequences of those risks (and
best for potentially high-frequency events
the company’s risk attitude) are well
since the probabilities can be quantified and
understood. Mitigating risks through the use
used in conjunction with an analytical model
of technology or organizational changes can
of the business to review scenarios and
September 2018
- 91 -