1
00:00:02,220 --> 00:00:06,610
Hello, everybody, welcome to this course on IoT security.

2
00:00:07,290 --> 00:00:13,650
I would like in this lesson to begin mentioning some standards and guidelines for IoT security.

3
00:00:17,470 --> 00:00:25,420
First of all, a little bit about myself, I'm an electronic engineer, I deal with IT security

4
00:00:25,420 --> 00:00:27,880
and digital forensics, I've

5
00:00:28,830 --> 00:00:38,530
achieved various IT certifications, such as the EC-Council CEH, the Computer Hacking Forensic Investigation

6
00:00:38,530 --> 00:00:43,390
certification, the CompTIA Security+ and some others.

7
00:00:47,610 --> 00:00:53,070
So, let's start with some standards and guidelines for IoT security.

8
00:00:53,760 --> 00:01:00,510
I have summarized some of the best known standards and guidelines for IoT security in this slide.

9
00:01:01,720 --> 00:01:05,310
And let's try to detail some of them.

10
00:01:09,590 --> 00:01:19,100
First of all, some words about the ENISA baseline security recommendation for IoT. ENISA is

11
00:01:19,100 --> 00:01:24,800
a European Union agency for network and information security.

12
00:01:26,760 --> 00:01:34,080
And you can download this document from the ENISA website.

13
00:01:34,800 --> 00:01:45,570
The document is a security recommendation for IoT systems, and we can see from the summary that it

14
00:01:45,570 --> 00:01:51,240
fully deals with the issue of security in the IoT world.

15
00:01:52,890 --> 00:02:00,560
In fact, it describes in chapter two the elements of IoT system.

16
00:02:02,340 --> 00:02:06,630
So the general architecture of IoT system.

17
00:02:07,470 --> 00:02:13,770
And it describes in Chapter three some critical attack scenarios.

18
00:02:14,790 --> 00:02:27,090
And you can also find common policies for IoT systems in Chapter four and four dot three describes

19
00:02:27,090 --> 00:02:38,760
technical measures about hardware security, about the system safety and reliability, authentication

20
00:02:38,760 --> 00:02:41,550
authorization mechanism, etc.

21
00:02:42,590 --> 00:02:52,910
So it fully describes security recommendation for IoT systems, so read it, take a look at this document

22
00:02:52,910 --> 00:02:56,240
is strongly recommended to deepen the topic.

23
00:02:58,140 --> 00:03:14,130
Oh, this table from the mentioned document, for example, is taken from Chapter four and it

24
00:03:14,130 --> 00:03:16,560
describes threat and risk analysis.

25
00:03:17,670 --> 00:03:23,550
We will see later in the course a typical architecture of IoT system.

26
00:03:24,640 --> 00:03:29,440
The slide shows the typical attacks on the components of the architecture.

27
00:03:30,120 --> 00:03:40,380
So, for example, against sensors, modifying the values read by them or their threshold values

28
00:03:40,380 --> 00:03:41,460
and settings.

29
00:03:41,790 --> 00:03:54,450
And for this risk the importance level is high-crucial. Against the administration system of

30
00:03:54,450 --> 00:04:01,350
IoT, exploiting protocol vulnerabilities, with importance level of high, etc.

31
00:04:04,450 --> 00:04:14,470
You can also from ENISA, you can also download the guidelines for the secure development of software

32
00:04:14,470 --> 00:04:15,670
for the IoT.

33
00:04:17,930 --> 00:04:23,600
And so practices for security of IoT secure software development lifecycle.

34
00:04:27,580 --> 00:04:40,800
And another important document is the GSMA IoT security guidelines.

35
00:04:42,650 --> 00:04:48,290
The collection of these documents includes four documents.

36
00:04:49,580 --> 00:05:00,350
First of all, a general overview document, and you can also take a look at IoT security guidelines

37
00:05:00,350 --> 00:05:08,330
document for the service ecosystem, one for the endpoint ecosystem, and a document of security

38
00:05:08,330 --> 00:05:12,080
guidelines for network operators.

39
00:05:15,300 --> 00:05:16,010
.

40
00:05:17,570 --> 00:05:27,430
In this slide, we can see the table of contents of the IoT security guidelines for IoT service ecosystem,

41
00:05:28,460 --> 00:05:40,250
and as you can see, you can find at Chapter five critical recommendations and how to define an

42
00:05:40,700 --> 00:05:50,480
organizational root of trust, how to define an administration model, system logging and monitoring

43
00:05:50,480 --> 00:05:52,400
approach, etc.

44
00:05:54,020 --> 00:05:59,300
You can also find at Chapter six high priority recommendation.

45
00:05:59,990 --> 00:06:04,130
The next chapter describes medium priority recommendation.

46
00:06:04,150 --> 00:06:04,970
And so on.

47
00:06:09,330 --> 00:06:09,900
And.

48
00:06:12,430 --> 00:06:21,460
IoT Security Foundation also has developed a number of documents, including the IoT security compliance

49
00:06:21,460 --> 00:06:34,060
framework, that is described in this slide, and it's about a comprehensive checklist to guide an organization

50
00:06:34,540 --> 00:06:38,810
through the IoT security assurance process.

51
00:06:40,440 --> 00:06:43,110
And you can download these documents.

52
00:06:46,160 --> 00:06:57,740
And this framework can be used by the IoT security auditors to evaluate the adherence of IoT systems

53
00:06:58,280 --> 00:07:02,830
to the framework, thus identifying any anomalies and gaps.

54
00:07:03,620 --> 00:07:08,680
This is an extract from the table of contents of this document.

55
00:07:12,910 --> 00:07:23,080
Lastly, deserves mention the series of ISA/IEC 62443 standards for

56
00:07:23,080 --> 00:07:27,430
the world of industrial automation and control systems.

57
00:07:29,490 --> 00:07:38,730
So you can also take a look at this site and download this series of documents.

58
00:07:42,120 --> 00:07:46,700
So thank you for your kind attention.