# Future developments in standardisation of cyber risk in the Internet of   Things (IoT)

**Authors:** Petar Radanliev, David C De Roure, Jason RC Nurse, Rafael Mantilla, Montalvo, Stacy Cannady, Omar Santos, Peter Burnap, Carsten Maple

arXiv: 1903.04428 · 2020-04-30

## TL;DR

This paper introduces a new model for assessing the economic impact of IoT cyber risks by adapting existing standards through a novel design process and new risk assessment vectors tailored for IoT environments.

## Contribution

It presents a new impact assessment model for IoT cyber risk, incorporating a design process and specific risk vectors, filling gaps in current standards.

## Key findings

- Identified gaps in current cyber risk standards for IoT
- Developed a new impact assessment model for IoT cyber risk
- Proposed design principles for future cyber risk standards

## Abstract

In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article therefore, being the presentation of a new model for impact assessment of IoT cyber risk.

---
Source: https://tomesphere.com/paper/1903.04428