Systematic analysis and comparison of security advice as datasets

A long list of documents have been offered as security advice, codes of practice, and security guidelines for building and using security products, including Internet of Things (IoT) devices. To date, little or no systematic analysis has been carried out on the advice datasets themselves. Towards ad...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2023-01, Vol.124, p.102989, Article 102989
Hauptverfasser: Bellman, Christopher, van Oorschot, Paul C.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A long list of documents have been offered as security advice, codes of practice, and security guidelines for building and using security products, including Internet of Things (IoT) devices. To date, little or no systematic analysis has been carried out on the advice datasets themselves. Towards addressing this, with IoT as a case study, we begin with an informal analysis of two documents offering advice related to IoT security—the ETSI Provisions and the UK DCMS Guidelines—and then carry out what we believe is the first systematic analysis of these advice datasets. Our analysis explains in what ways the ETSI Provisions are a positive evolution of the UK DCMS Guidelines. We also suggest aspects of security advice warranting special attention by those offering security advice. Such parties may find the systematic analysis method, which categorizes advice into predefined categories, to be of general interest beyond IoT itself.
ISSN:0167-4048
DOI:10.1016/j.cose.2022.102989