ElevenPaths SandaS GRC allows organizations to support their business strategy, improve operational performance, mitigate operational risks and ensure regulatory compliance. It is the perfect complement with which you can create an effective governance, risk management and compliance program for the security of your organization's information.
To extend this control to IoT, SandaS GRC has incorporated a set of controls to secure IoT deployments. These controls are those collected in the GSMA IoT Security Guidelines through the GSMA IoT Security Assessment, to which Telefónica has actively contributed.
GSMA IoT Security Guidelines
Telefónica has collaborated within the group of GSMA IoT Security since the beginning of 2016 in the development of the IoT Security Guidelines.
These GSMA security guidelines contain best practices and security recommendations for the Internet of Things. Each document focuses on one layer of the IoT technology stack. Actors from all areas of the IoT ecosystem have collaborated to develop these guidelines: service companies, operators, and manufacturers of devices, communication modules and processors. These four guides are:
- General security guide
- Security guide for ecosystems of services
- Security guide for device ecosystems
- Security guide for network operators
The first is an introductory document, while the other three focus on each of the levels of the IoT ecosystem. Each area has different challenges that must be addressed in a specific way, with the aim of guaranteeing its security.
GSMA IoT Security Assessment
Based on these recommendations, the working group, led by Telefónica as operator, produced the IoT Security Assessment self-assessment checklist, which was published in September 2016 and has recently been updated to include the recommendations for LPWA networks. The purpose of this document is to provide the different actors of the IoT ecosystem with a list of specific controls to take into account when designing and evaluating the security of an IoT solution.
The IoT Security Self Assessment guide is structured in three main sections that cover end-to-end IoT security: processes in the organization, service platforms and devices. The questions in each of these sections reference the recommendations contained in the different documents of the GSMA IoT Security Guidelines.
SandaS GRC and the IoT Security Guidelines
With the addition of the GSMA IoT Security Assessment, SandaS GRC offers a complete and unified view of risk, helping to manage key risks across the whole organization, including IoT devices, and minimizing their impact on the business.
In this way, it allows a strategic allocation of resources and ensures adequate controls for a comprehensive security plan for an IoT deployment.
José Rodriguez Pérez