RIoT Control

Understanding and Managing Risks and the Internet of Things

1st Edition - September 15, 2016

  • Author: Tyson Macaulay
  • eBook ISBN: 9780124199903
  • Paperback ISBN: 9780124199712


RIoT Control: Understanding and Managing Risks and the Internet of Things explains IoT risk in terms of project requirements, business needs, and system designs. Learn how the Internet of Things (IoT) is different from “regular” enterprise security: more intricate and more complex to understand and manage. Billions of internet-connected devices make for a chaotic system, prone to unexpected behaviors. Industries considering IoT technologies need guidance on IoT-ready security and risk management practices to ensure key management objectives like financial and market success, and regulatory compliance. Understand the threats and vulnerabilities of the IoT, including endpoints, newly emerged forms of gateway, network connectivity, and cloud-based data centers. Gain insights as to which emerging techniques are best according to your specific IoT system, its risks, and organizational needs. After a thorough introduction to the IoT, RIoT Control explores dozens of IoT-specific risk management requirements, examines IoT-specific threats, and finally provides risk management recommendations intended to apply to a wide range of use cases.

Key Features

  • Explains sources of risk across IoT architectures and performance metrics at the enterprise level
  • Understands risk and security concerns in the next-generation of connected devices beyond computers and mobile consumer devices to everyday objects, tools, and devices
  • Offers insight from industry insiders about emerging tools and techniques for real-world IoT systems


IT architects or operational decision-makers and managers tasked with specifying or designing IoT systems

Table of Contents

  • Chapter 1. Introduction—The Internet of Things

    • Abstract
    • You Are Never Too Young to Start Good Habits
    • What Is the IoT?
    • Audience
    • How This Book Flows
    • What Is the IoT?
    • The “Old” Internet of Data, Voice, and Video
    • The Internet ++
    • Who Are the Major Players in the IoT?
    • Why Do They Care? Stakeholders From a Different Angle
    • Conclusion

  • Chapter 2. The Anatomy of the Internet of Things

    • Abstract
    • When Does the IoT Actually Get Here?
    • IPv4 Does Not Do IoT Any Favors
    • IoT Is Enabled by IPv6
    • The Architectural Framework of the IoT: Endpoints, Gateways, Networks, and DCs/Clouds
    • Endpoint Asset Class in the IoT
    • Gateway Asset Class in the IoT
    • Network Asset Class in the IoT
    • Cloud and Data Center as an Asset Class
    • Conclusions

  • Chapter 3. Requirements and Risk Management

    • Abstract
    • A Parable for Requirements and Risk Management
    • Introduction
    • Audience
    • Framing the Discussion
    • What Are Security Requirements?
    • Translation, Please! Organizational and Business Process Requirements in Plain(er) Language
    • Really—Who Wants to Know All This Requirements Stuff?!
    • Risk, Requirements, and Deliverables
    • Technical Requirements: This Is Where We Draw the Line
    • Applications and Services Composing the IoT
    • Industry Use Cases, Efficiencies, and Satisfaction
    • Summary

  • Chapter 4. Business and Organizational Requirements

    • Abstract
    • Parable for Business and Organizational Requirements
    • Introduction
    • Audience
    • Business and Organizational Requirements in the IoT
    • Regulatory and Legal Requirements
    • Financial Requirements
    • Competitive Requirements
    • Internal Policy Requirements
    • Auditing and Standards in the IoT
    • Summary

  • Chapter 5. Operational and Process Requirements

    • Abstract
    • Parable for Operational and Process Requirements
    • Introduction
    • Audience
    • Operational and Process Requirements in the IoT
    • The Remaining Chapters in This Book

  • Chapter 6. Safety Requirements in the Internet of Things

    • Abstract
    • Safety Is Not Exactly the Same as Security
    • Performance
    • Reliability and Consistency
    • Nontoxic and Biocompatible
    • Disposability
    • Safety and Change Management in the IoT
    • Divisibility of Safety and Service Delivery Updates and Longevity
    • Startup and Shutdown Efficiency (Minimization of Complexity)
    • Failing Safely
    • Isolation of Safety and Control from Service Delivery
    • Safety Monitoring Versus Management and Service Delivery
    • Recovery and Provisioning at the Edge
    • Misuse and Unintended Applications
    • Summary and Conclusions

  • Chapter 7. Confidentiality and Integrity and Privacy Requirements in the IoT

    • Abstract
    • Data Confidentiality and Integrity
    • Privacy and Personal Data Regulations
    • Conclusions and Summary

  • Chapter 8. Availability and Reliability Requirements in the IoT

    • Abstract
    • Availability and Reliability
    • Simplicity Versus Complexity
    • Network Performance and SLAs
    • Access to IoT Design and Documentation
    • Self-Healing and Self-Organizing
    • Remote Diagnostics and Management
    • Resource Consumption and Energy Management
    • Wills
    • Flow Classification and QoS
    • Interchangeability and Vendor-Neutral Standards
    • Lifetimes, Upgrading, Patching, and Disposal
    • Heartbeats, Census, and Inventory
    • Documentation and Training
    • The Discovery-Exploit Window and Cyber-Intelligence
    • Summary

  • Chapter 9. Identity and Access Control Requirements in the IoT

    • Abstract
    • Interoperability of I&A Controls
    • Multiparty Authentication and Cryptography in the IoT
    • Mass Authentication and Authorization
    • Autonomics (Self-Configuring, Intelligent Adaptions)
    • Device and Object Naming
    • Discovery and Search in the IoT
    • Authentication and Credentials Requirements
    • Authorization Requirements in the IoT
    • Attribute-Based Access Control (ABAC)
    • Writing Versus Reading in the IoT
    • Concurrency Privileges Become Uncommon in the IoT World
    • Uniquely Addressable
    • Bootstrapping Identity
    • Interoperability and New Forms of Identity Lookup
    • Ownership Transfer
    • Summary

  • Chapter 10. Usage Context and Environmental Requirements in the IoT

    • Abstract
    • Introduction
    • Threat Intelligence
    • Access to and Awareness of Date and Time
    • Presence of People (Living Beings) as Context
    • Device Type as Context
    • Context Versus State of IoT Application
    • Location, Location, Location
    • Mapping IoT Service Requirements to Location and Tracking Technologies
    • Location Finding
    • Motion Tracking
    • Automated Accessibility and Usage Conditions
    • Summary

  • Chapter 11. Interoperability, Flexibility, and Industrial Design Requirements in the IoT

    • Abstract
    • Interoperability of Components
    • About Industrial Design
    • Self-Defining Components and Architecture
    • Device Adaptation
    • Inclusivity of Things
    • Scalability
    • Next Generation Wireless Network Requirements
    • Standardized Interfaces
    • Limit or Minimize Black-Box Components
    • Legacy Device Support
    • Understanding When Good Is Good Enough
    • Network Flow Reversal and Data Volumes
    • What Are the New Network Requirements? What Is Changing?
    • The IoT Network Security Perimeter: Hard on the Outside
    • Control the “Net Within the ‘Net’”: Network Segmentation
    • User Preferences
    • Virtualization: Both Network and Application
    • Transportability of Subscriptions and Service: Supporting Competitive Service Provision
    • Diversity and Utility of Application Interfaces
    • Summary

  • Chapter 12. Threats and Impacts to the IoT

    • Abstract
    • Threats to the IoT
    • Threat Agents
    • New Threat Agents in the IoT
    • Business (Organizational) Threats
    • Operational and Process Threats in the IoT
    • Conclusion

  • Chapter 13. RIoT Control

    • Abstract
    • Managing Business and Organizational Risk in the IoT
    • Financial Vulnerabilities and Risks
    • Competitive and Market Risks
    • Internal Policy
    • Operational and Process Risk in the IoT
    • Confidentiality and Integrity
    • Availability and Reliability
    • Identity and Access Controls
    • Usage Context and Operating Environment
    • Interoperability and Flexibility
    • Skills and IoT Risk Management
    • Summary

Product details

  • No. of pages: 404
  • Language: English
  • Copyright: © Morgan Kaufmann 2016
  • Published: September 15, 2016
  • Imprint: Morgan Kaufmann
  • eBook ISBN: 9780124199903
  • Paperback ISBN: 9780124199712

About the Author

Tyson Macaulay

Tyson Macaulay is a Chief Technology Officer and Chief Security Strategist with over 20 years in the security industry and experience at firms such as Fortinet, Intel and Bell Canada. Tyson is also a researcher with lectureship, books, periodical publications and patents dating from 1993. Tyson supports the development of engineering and security standards through the International Standards Organization (ISO), and Professional Engineers of Ontario. Specialties: Telecom-grade security design, Enterprise Risk Management, Technical Risk Management, Security Architecture, Security Methodology, Security Audit and Compliance, Security program development and Governance, International Standards development, Internet of Things (IoT), International Security Standards.

Affiliations and Expertise

CISSP, CISA, Sunnyvale, CA, USA
