Identify how the organization can provide audit trails
Assignment Description
After the discussion has been completed concerning with the networking manager of your organization concerning the integration effort, you have actions items to provide 3-5 pages of requirements addressing the security concerns present when IoT devices communicate. Organizations attempting IoT communications will need to bring their security posture to a new level of depth if they are use the benefits of IoT communications, therefore this documentation to be given to the networking is critical to the overall productivity and data security.
- The priority will be to provide an explanation of at least 1 page concerning the security concepts present when IoT devices network and communicate.
- Provide details for IoT device security: endpoint hardening, protecting against vulnerabilities, encryption and device trust using PKI.
- Provide details for IoT network security: context aware user authentication/access control, sophisticated password importance, and network and transport layer encryption
- Provide 10 “shall” security requirements associated with the IoT device network communications required for the networking manager to follow when configuring and allowing the IoT devices to communicate on the corporate network. For example, provide at least the depth of the following requirements:
- “XYZ Corporation shall provide a security layer performing encryption/decryption and ensuring data integrity and privacy”
- “The XYZ corporate network administrator shall be capable of placing owner controls or restrictions on the kinds of devices that can connect to it.”
- Identify how the organization can provide audit trails, endpoint anomaly detection and a forensic security capability to ensure a stable security posture.
Notice these are considered Tier 1 requirements, and do not need to be testable. All requirements should be clear, and unambiguous. The security discussion and requirements should be applied to the “network” and “device application” levels. For example, clients use DTLS (Datagram Transport Layer Security) at the Application level.