Enterprise Internet of Things (EIOT) : Security

This document discusses security in enterprise internet of things. It covers topics such as what security is, basic defense methods, levels of protection, and ethics and privacy concerns in IoT. Specifically, it defines security, outlines seven common layers of security (physical, access control, personnel, operations, communications, network, and information), describes different levels of protection from minimum to maximum, and discusses issues around ethics, discrimination, privacy infringement, and lack of confidentiality safeguards in IoT technologies.

Uploaded by

flowerpot321
Enterprise Internet of Things

(EIOT)
CT121-3-2 & Version VC1

Security
Topic & Structure of the lesson

• What is security
• Basic of defense
• Level of protection
• Ethics & Privacy in IOT

Enterprise Internet of Things Security Slide 2 of 28


Learning Outcomes

At the end of this lecture, YOU should be

• What is security
• Basic of defense
• Level of protection
• Ethics & Privacy in IOT


Key Terms You Must Be Able To Use

If you have mastered this topic, you should be able to use the following terms correctly in your assignments and exams:

• What is security
• Basic of defense
• Level of protection
• Ethics & Privacy in IOT


What is Security?

• “The quality or state of being secure—to be free from danger”

• A successful organization should have multiple layers of security in place:

1. Physical security (perimeter security: guards, locks, fencing, etc.)

2. Access control (regulates who or what can be viewed. Physical access control limits access to campuses, buildings and rooms; logical access control limits connections to computer networks, system files and data.)

3. Personnel security (a system of policies and procedures to mitigate the risk of workers (insiders) exploiting their legitimate access to an organization's assets for unauthorized purposes. E.g. Internet acceptable use, social media policy, remote access, mobile and personal device use (for example, “Bring Your Own Device,” or BYOD), and sexual harassment.)

4. Operations security (a risk management process that helps managers protect sensitive data from being accessed by unauthorized persons. E.g. giving employees the minimum access needed to do their jobs, Disaster Recovery Plan.)

5. Communications security (COMSEC is the prevention of unauthorized access to telecommunications traffic, or to any written information that is transmitted or transferred. E.g. encryption; transmission security, which protects against unauthorized access when data is physically transferred.)

6. Network security (protects network resources against any unauthorized access. Make policy for CIA. E.g. employees do not pass their credentials to anyone else through email, orally, etc.)

7. Information security (protects against unauthorized access to data and information in order to achieve Confidentiality, Integrity and Availability [C-I-A].)


Basic of Defense

• Involves the use of systems and countermeasures such as policies, procedures, people, equipment, architectural design and strategies to prevent loss and to deter (prevent), detect, deny, delay or detain (arrest) the person or agent that may cause harm to the enterprise.

• In other words, security takes every sector into account.


Levels of Protection

Level 1: Minimum Protection
– Prevent some unauthorized external threat activity.
– Use of simple locks and physical barriers.

Level 2: Low-Level Protection
– Prevent and detect some unauthorized external threat activity.
– Use of basic local alarms, physical barriers, security lighting and high-security locks.


Physical security
Levels of Protection

Level 3: Medium Protection
– Prevent, detect and assess most unauthorized external threat activity.
– Use of high-security physical barriers, monitored alarm systems, security personnel and a basic communication system.

Level 4: High-Level Protection
– Prevent, detect and assess most unauthorized external and internal threat activity.
– Use of perimeter alarms (call to warn), access control, formal contingency plans, etc.

Level 5: Maximum Protection
– Impede, detect, assess and neutralize all unauthorized external and internal threat activity.
– Use of on-site armed security response personnel and sophisticated alarm systems.


Ethics & Privacy in IOT
(Operation security)

Ethics
• Involves moral principles and focuses on the concept of right and wrong and standards of behavior.

• Based on moral standards, whether illegal or not.

• Moral standards or ethical values are formed through the influence of others and are concerned with the relationships between people and how they exist in peace and harmony. (E.g. what is the difference between a hacker and an ethical hacker?)

Ethics in IOT

• There are many ethical problems that may arise from the IoT.

• The IEEE Code of Ethics states that it will strive “to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin” (IEEE, 2012).

• Also, the Association for Computing Machinery (ACM) Code of Ethics states it will “be fair and take action not to discriminate” (ACM council, 2012).

• Although the Internet of Things claims to strive to close the gap between the rich and poor, it could also have the reverse effect.

• However, the IoT can discriminate against certain groups of people that do not have access to the internet.

• There are many countries and lower-income families that do not have access to the internet, so they will not be able to reap the benefits offered by the Internet of Things.


Privacy issues in IoT

• The Internet of Things may also impinge on privacy, yet the Code of Ethics for ACM says it will “respect the privacy of others” and “honor confidentiality”.

• By collecting information on people and their habits, companies will have both the access and the tools to infringe upon consumers. It is not uncommon for companies to do so.

• Take, for example, Google and the recent lawsuit over its sharing of so-called “confidential” information with other companies.

• When companies have this information readily available to them, and they have the possibility to increase their revenue tremendously, they are more likely to infringe upon our rights.

• Everything that we do on the internet is kept. Even if you delete something, it will always exist.

• This information can be transformed into many tools for companies to help them generate revenue.


• For example, the internet can track our likes and dislikes by identifying which sites we go on.

• Therefore, on some websites that allow advertisements, the commercials that appear are specifically generated to entice us to purchase more.

• This ties into the next bullet of honoring confidentiality.


Although ACM is here to help, it does not prevent companies from misusing the technology to begin with. A way for ACM to prevent these mishaps from happening is to allow the information that is generated to go solely to the specific individual and the parties they allow the information to be shared with.


• For example, an elderly person can sign a waiver saying that the information that is generated by the chip can be shared with the hospital.

• This is an obvious example, but a good one nonetheless. The individual will be able to sign a waiver allowing the information they generate to be shared with the parties of their desire.


Summary

• Critical information includes all forms and types of tangible and intangible information.

• The protection of critical information is vital to organizations, nations and individuals.

• Threats to critical information include environmental and natural disasters, fire, etc.


Summary (cont.)

• A successful organization should have multiple layers of security in place:
– Physical security
– Access control
– Personnel security
– Operations security
– Communications security
– Network security
– Information security


Summary continues…

• IoT can create some ethical and privacy issues.
• Organizations / individuals should have a proper mechanism to handle these issues.


Quick Review Question

• Describe the levels of security available, together with examples.


Summary of Main Teaching Points

• IoT security
• Basic of defense
• Level of protection



Question and Answer Session

Q&A

What we will cover next class

• Chapter 4: 04 – Adapting Ignite: from a waterfall to an agile methodology
