Cybersecurity Topic Guide.
Capstone Project Name: Securing IoT Devices within a Complex Enterprise.
Project Topic: IoT Security
Summary of the problem: The issue of IoT device security is large, and increasing as more business and organizations utilize IoT devices for automation of tasks, security and everything inbetween within an organization. The organization used will be fictitious, but will present an issue that is common within companies and future organizations as IoT usage expands.
Outline of technology-supported security solution: The proposed security solution will involve specific security devices, administrative policies and configured logical controls, in order to provide a solution that present a solid defense-in-depth approach.
Context: Explain why the situation or question would benefit from your security solution. The benefit would mainly be a decrease in risk of current and future IoT devices and platforms, as well as more employee training/awareness, more robust policies, more effective technical and logical controls, as well as a reduction in the overall attack surface.
Stakeholders: Identify the project stakeholders. Stakeholders include all employees, volunteers, customers, investors and shareholders.
Project Plan: Describe the project plan, scope, goals, and objectives. The project plan is to implement several security measures in a defense-in-depth approach. The scope includes all widely available security appliances on the market, IoT devices that are commonly used within organizations and companies, as well as best practice/regulatory requirements. The goal is to ensure that risk of exploitation of IoT devices within an organization is lowered, while ensuring a hardened cyber defense. The objectives include describing what IoT devices are, how they are typically used, how they will be used in this specific case, the processes and features of each kind of device, security hardening solutions, administrative/policy solutions and continuous monitoring capabilities.
Methodology: Outline the project approach. The approach will involve utilizing research gathered on IoT devices that are being currently used and any/all future planned IoT devices, as well as best practices regarding their secure use. The approach for administrative and logical changes to the organization will involve best practices and regulatory requirements for the organization, per NIST, SOX, GDPR and other regulations, as relevant.
Implementation Plan: Identify the project phases. The phases are as follows: Identify the organization and provide background information, Identify IoT devices currently in use and include any future planned IoT devices, identify all risks and issues, propose all mitigation solutions with justification, propose administrative changes and provide continuous monitoring solutions.
Project Outcomes: List the key anticipated project outcomes and deliverables in 500 words or less. The key deliverable for the project is to ensure the organization has a solid plan for ensuring that the attack vector related to any current and future planned IoT devices is minimized effectively. The outcomes involve ensuring efficient security appliances are proposed, with several other administrative and logical solutions to ensure successful risk mitigation throughout the entire process. The other outcome is to ensure employees receive training and awareness on threats related to these devices and organization as a whole.