The Security Maturity Model (SMM) Practitioner’s Guide provides detailed, actionable guidance to assess and manage the security maturity of IoT systems.
The Industrial Internet Consortium (IIC) announced publication of the new Security Maturity Model (SMM) Practitioner’s Guide. This guide provides detailed guidance to help IoT stakeholders assess and manage the security maturity of IoT systems.
IIC also released an update to the IoT SMM Description and Intended Use White Paper, which introduces readers to SMM concepts and approaches. The consortium updated the white paper, which includes updated terminology and diagrams, to ensure consistency with the SMM Practitioner’s Guide.
Goal of the SMM
The SMM uses a structured, top-down approach to goal setting and security assessment. This approach helps organizations assess security concerns and threat risks and evaluate investment against risk.
The SMM builds on concepts from the 2016 IIC Industrial Internet Security Framework. The model defines specific security maturity levels companies should achieve. Companies that continually assess security and make improvements over time can improve their risk posture.
The practitioner’s guide highlights three case studies that illustrate how IoT stakeholders successfully applied the maturity assessment process and the SMM in practice. These case studies include:
- A data-driven bottling line
- An automotive gateway
- Residential security cameras
“This is the first model of its kind to assess the maturity of organizations’ IoT systems in a way that includes governance, technology and system management,” says Stephen Mellor, CTO, IIC. “Other models address part of what is addressed by the SMM: they may address a particular industry, IoT but not security, or security but not IoT. The SMM covers all these aspects and points to parts of existing models, where appropriate, to recognize existing work and avoid duplication.”
The IIC designed the SMM for industry and system-specific requirements. The IIC is collaborating with various industry groups to develop industry profiles that extend the model.