What You Will Learn Learn how to break down cross-industry barriers by adopting the best practices for IoT deployments Build a rock-solid security program for IoT that is cost-effective and easy to maintain Demystify complex topics such as cryptography, privacy, and penetration testing to improve your security posture See how the selection of individual components can affect the security posture of the entire system Use Systems Security Engineering and Privacy-by-design principles to design a secure IoT ecosystem Get to know how to leverage the burdgening cloud-based systems that will support the IoT into the future. Book Description With the advent of Intenret of Things (IoT), businesses will be faced with defending against new types of threats. The business ecosystem now includes cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces, a desire to share information with many stakeholders and a need to take action quickly based on large quantities of collected data. . It therefore becomes critical to ensure that cyber security threats are contained to a minimum when implementing new IoT services and solutions. . The interconnectivity of people, devices, and companies raises stakes to a new level as computing and action become even more mobile, everything becomes connected to the cloud, and infrastructure is strained to securely manage the billions of devices that will connect us all to the IoT. This book shows you how to implement cyber-security solutions, IoT design best practices and risk mitigation methodologies to address device and infrastructure threats to IoT solutions. This book will take readers on a journey that begins with understanding the IoT and how it can be applied in various industries, goes on to describe the security challenges associated with the IoT, and then provides a set of guidelines to architect and deploy a secure IoT in your Enterprise. The book will showcase how the IoT is implemented in early-adopting industries and describe how lessons can be learned and shared across diverse industries to support a secure IoT. Authors Brian Russell Brian Russell is a chief engineer focused on cyber security solutions for Leidos (https://www.leidos.com/). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers, with a focus on securing Internet of Things (IoT). Brian leads efforts that include security engineering for Unmanned Aircraft Systems (UAS) and connected vehicles and development security systems, including high assurance cryptographic key management systems. He has 16 years of information security experience. He serves as chair of the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group, and as a member of the Federal Communications Commission (FCC) Technological Advisory Council (TAC) Cybersecurity Working Group. Brian also volunteers in support of the Center for Internet Security (CIS) 20 Critical Security Controls Editorial Panel and the Securing Smart Cities (SSC) Initiative (http://securingsmartcities.org/). Join the Cloud Security Alliance (CSA) IoT WG @ https://cloudsecurityalliance.org/group/internet-of-things/#_join. You can contact Brian at https://www.linkedin.com/in/brian-russell-65a4991. Drew Van Duren Drew Van Duren currently works at Leidos as a senior cryptographic and cybersecurity engineer, highlighting 15 years of support to commercial, US Department of Defense, and US Department of Transportation (USDOT) customers in their efforts to secure vital transportation and national security systems. Originally an aerospace engineer, his experience evolved into cyber-physical (transportation system) risk management, secure cryptographic communications engineering, and secure network protocol design for high assurance DoD systems. Drew has provided extensive security expertise to the Federal Aviation Administration's Unmanned Aircraft Systems (UAS) integration office and supported RTCA standards body in the development of cryptographic protections for unmanned aircraft flying in the US National Airspace System. He has additionally supported USDOT Federal Highway Administration (FHWA) and the automotive industry in threat modeling and security analysis of connected vehicle communications design, security systems, surface transportation systems, and cryptographic credentialing operations via the connected vehicle security credential management system (SCMS). Prior to his work in the transportation industry, Drew was a technical director, managing two of the largest (FIPS 140-2) cryptographic testing laboratories and frequently provided cryptographic key management and protocol expertise to various national security programs. He is a licensed pilot and flies drone systems commercially, and is also a co-founder of Responsible Robotics, LLC, which is dedicated to safe and responsible flight operations for unmanned aircraft. You can reach Drew at https://www.linkedin.com/in/drew-van-duren-33a7b54. Table of Contents Chapter 1: A Brave New World Chapter 2: Vulnerabilities, Attacks, and Countermeasures Chapter 3: Security Engineering for IoT Development Chapter 4: The IoT Security Lifecycle Chapter 5: Cryptographic Fundamentals for IoT Security Engineering Chapter 6: Identity and Access Management Solutions for the IoT Chapter 7: Mitigating IoT Privacy Concerns Chapter 8: Setting Up a Compliance Monitoring Program for the IoT Chapter 9: Cloud Security for the IoT Chapter 10: IoT Incident Response