IoT security by design might seem like a buzzword in that it’s not well-defined in the consumer landscape, but KORE Wireless’s Chris Francosky said the most effective security measures are put in place well before production even begins.
Host Shelby Skrhak sat down with Francosky on this episode of the Industrial IoT podcast, brought to you by MarketScale.
“I’m evangelizing this idea of a five-step process centered around threat modeling, which is at the heart of security by design,” Francosky said.
5 Step Process for Threat Modeling
- Define your assets – not only devices, but the data, as well.
- Decompose that application through an architecture diagram so you can see clearly how the application is broken up.
- Look at each area of the decomposed application and identify threats.
- Document threats.
- Rate and prioritize threats
How do you recognize threats? In the late 1990s, Microsoft devised an acronym that summarizes the kinds of threats to look for, and it’s still useful today, Francosky said.
The acronym STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Escalation of Privilege. These aspects serve as guideposts to help you identify the types of threats you’re looking for.
KORE Wireless offers tool suites to help make IoT security a part of a consistent process.
For the latest news, videos, and podcasts in the IoT Industry, be sure to subscribe to our industry publication.