Cybersecurity has a CAGR of 12% at 259B through 2025 and qualifications are highly in demand, particularly in regards to IOT and industrial (IIoT) use cases.
IoT endpoint devices include sensors, actuators, microcontrollers, smart appliances, and wearable devices as well as edge devices such as field gateways that perform local data encryption/decryption, compute, storage, data collection, and data aggregation functions for resource-constrained IoT devices.
Device Trusted Rollback
Mobile Device Audits
Device Lifecycle Management
IoT devices can use communication protocols that are not recognized or protected by enterprise security controls. Enterprise firewalls and intrusion detection systems are designed to protect against enterprise specific threats, not attacks against industrial or consumer IoT protocols. IoT devices may be highly mobile or deployed in remote locations. As a result, these devices may be directly connected to the Internet with none of the protections found in a corporate environment.
Mutual Authentication & Encryption
Identity and Access Management (IAM) requirements deal with both user and device identity management, authentication, access control, and the creation of security groups.
A method for preventing unauthorized access to devices and data on the device must be implemented. All data that is generated, collected, stored, transits, or shared via a device must be properly classified and handled accordingly.
Data Location and Aggregation
Data Retention and Duration
Data Encryption and Key Management
IoT applications should follow best practices for security controls, authorization, and authentication of devices and users. In addition, the IoT Shadow Trust Framework (IoTSTF) findings and recommendations should be considered, which embodies the concept of pursuing device trustworthiness through the analysis of IoT digital twins (device shadows) and their associated data streams.
Device Shadows (Digital Twins)
OMG DDS Messaging
Incident management pertains to monitoring and detection of incoming security threats, the collection and logging of incident data, alert notifications, and incident response. This applies to the device edge environment, the cloud environment, and the interfaces between the two. In addition, such a system will help to meet compliance audit requirements (such as for GDPR) for data logging.
Incident Monitoring and Detection
Hardware Security Modules (HSMs)
Encrypted Server Appliances
Encrypted USB Drives
GIAC - Global Information Assurance Certification
CEH - Certified Ethical Hacker
GSEC - GIAC Security Essentials Certification
CISSP - Certified Information Systems Security Professional
ISSMP - Information Systems Security Management
CISM - Certified Information Security Manager
HCISPP - HealthCare Information Security and Privacy Practitioner
CIPT - Certified International Association of Privacy Professionals
FACHE - Fellow of the American College of Healthcare Executives
CPHIMS - Certified Professional in Healthcare Information and Management Systems
CIPP - Certified International Association of Privacy Professionals
QSA - Qualified Security Assessor
GCED - GIAC Certified Enterprise Defender
GCFE - GIAC Certified Forensic Examiner
GCIH - GIAC Certified Incident Handler
GCIA - GIAC Certified Intrusion Analyst
GSNA - GIAC Systems and Network Auditor
CISO - Chief Information Security Officer
CSP - Certified Safety Professional
NIST Handbook 162 "NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements"
GSA - Highly Adaptive Cybersecurity Services (HACS)