Framework for Risk-Based IoT Cybersecurity Audit Engagements

📅 2026-03-23
📈 Citations: 0
Influential: 0
📄 PDF

career value

166K/year
🤖 AI Summary
This work proposes the first scalable, experience-agnostic, risk-based security auditing framework for Internet of Things (IoT) devices widely deployed in enterprise environments. Addressing the critical gap in existing literature, the framework integrates established cybersecurity control standards with IoT-specific characteristics to establish a structured audit process. It is designed to be universally applicable across diverse industry sectors and accessible to both internal and external auditors regardless of their prior expertise. By systematically aligning audit procedures with device-level risk factors, the framework significantly enhances the identification, assessment, and mitigation of security risks associated with IoT deployments, thereby eliminating a persistent blind spot in organizational cybersecurity risk evaluations.

Technology Category

Application Category

📝 Abstract
The use of Internet of Things (IoT) devices is growing at a rapid rate. While much of this growth is consumer devices, IoT devices are also commonly found in corporate and industrial environments, as well. These devices can be organization-owned and managed by an information technology unit, deployed organizationally without the knowledge and involvement of technology staff or brought in to the corporate environment by user-owners. In each case, these devices may have access to corporate networks and data and are, thus, important to consider as part of organizational cybersecurity risk assessment. Despite the prevalence of these devices, there is little literature about how to audit their security. This paper presents a risk-based auditing framework which can be used by both internal and external auditors, of any experience level and in any industry, to assess IoT devices.
Problem

Research questions and friction points this paper is trying to address.

IoT
cybersecurity
audit
risk assessment
network security
Innovation

Methods, ideas, or system contributions that make the work stand out.

risk-based auditing
IoT cybersecurity
audit framework
cybersecurity risk assessment
Internet of Things
🔎 Similar Papers
No similar papers found.