Risk Management approach to IPv6 based Internet of Things security
Onyait, John Anthony (2018-10-01)
Risk Management approach to IPv6 based Internet of Things security
Onyait, John Anthony
(01.10.2018)
Tätä artikkelia/julkaisua ei ole tallennettu UTUPubiin. Julkaisun tiedoissa voi kuitenkin olla linkki toisaalle tallennettuun artikkeliin / julkaisuun.
Turun yliopisto
Tiivistelmä
Internet of Things is the latest technology wave sweeping across every field and industry. Improving efficiency and productivity with realtime information while providing new services to the stakeholders/endusers. True potential of the Internet of Things is yet to be fully realized with the transition of networks from IPv4 to the address abundant IPv6 as a backbone infrastructure. However, well founded concerns of security and privacy are prevalent in the Internet of Things. While IPv6 security is more assuring, the protocol is relatively new and therefore migration requires expertise. Organizations find themselves in an uncertain situation with an already depleted IPv4 address space, there is an unavoidable need to transition to IPv6 and implement IoT technologies to keep a competitive edge while reaping the benefits.
Information technology risk management in many organizations employs best practise methods supported by an enterprise risk management framework. Despite these efforts security breaches are occuring in many organizations as the threat landscape has exponentially grown. Known or not, there are new avenues for attackers and malicious individuals to exploit vulnerabilities in poor configurations of IPv6 and careless implementations of IoT.
This thesis reviews the principles and security aspects of IPv6 and IoT. Gauging the results of these against the most common risk management standards with the goal of filling in the strategic and procedural gaps left by the frameworks. Unforeseen risks can then be identified and classified by criticality. The objective of this thesis work is to provide senior management, information technology risk mangement teams and professionals with a preemptive approach to effectively reduce the risk to acceptable levels. Making it possible for organizations to migrate to IPv6 and stay ahead of the IoT innovation wave while aligning these efforts with their strategic objectives. The proposed solution is tested by presenting the core aspects of the suggested adjustments in a survey to all levels of enterprise, education and research professionals in risk/security management. The limitations and suggestions for future improvement are included.
Information technology risk management in many organizations employs best practise methods supported by an enterprise risk management framework. Despite these efforts security breaches are occuring in many organizations as the threat landscape has exponentially grown. Known or not, there are new avenues for attackers and malicious individuals to exploit vulnerabilities in poor configurations of IPv6 and careless implementations of IoT.
This thesis reviews the principles and security aspects of IPv6 and IoT. Gauging the results of these against the most common risk management standards with the goal of filling in the strategic and procedural gaps left by the frameworks. Unforeseen risks can then be identified and classified by criticality. The objective of this thesis work is to provide senior management, information technology risk mangement teams and professionals with a preemptive approach to effectively reduce the risk to acceptable levels. Making it possible for organizations to migrate to IPv6 and stay ahead of the IoT innovation wave while aligning these efforts with their strategic objectives. The proposed solution is tested by presenting the core aspects of the suggested adjustments in a survey to all levels of enterprise, education and research professionals in risk/security management. The limitations and suggestions for future improvement are included.