An Information Security Risk Management Model for Smart Industries

Internet of Things (IoT) has been acknowledged as a new revolution in technology. IoT play an important role in the flourishing of smart manufacturing and in supply chains. However, information security is a controversial issue in this domain. In this paper, a novel information security management model is presented that shows how an appropriate threat model and risk model can mitigate the risk of information security breaches in an industrial environment. Risk identification based on organisational assets, analysis, evaluation, and treatment along with scope specification considering risk management in ISO/IEC 27005, HTRA, CORAS and OCTAVE Allegro have been considered in the framework development. The presented model mitigates the risk of information security for both service providers and service consumers in this environment. At the end of the paper, we highlight the ways in which the current research supplies us with a direction for future research in this domain.