Abstract—The Internet of Things (IoT) has extensively altered the IT landscape, allowing thus no human requirements in order to fluently communicate. However, it has introduced uncertainty which led to the emergence of a myriad of security risks. As coping with these security risks is becoming more and more challenging, the need of a new Security Risk Assessment (SRA) approach dealing with the IoT heterogeneous and dynamic paradigm is needed. Indeed, SRA is the primary means preserving the business services' confidentiality, integrity and availability. Different SRA approaches exist but applying them to the pervasive paradigm of the IoT is commonly agreed as impotent. Therefore, we provide a novel approach based on the Elasticsearch Stack Solution (ELK) and the Plan, Do, Check, Act (PDCA) cycle aimed at efficiently assessing IoT’ security risks. As a result, the provided approach has skillfully dealt with the IoT dynamic environment. Furthermore, a benchmark of our novel approach and the existing approaches is successfully realized highlighting eventually the main findings.

Index Terms—Security risk assessment, IoT security risks, elasticsearch stack, PDCA cycle, attack graph, Risk register, risk management.

Cite: Wissam Abbass, Zineb Bakraouy, Amine Baina, and Mostafa Bella, “Assessing the Internet of Things Security Risks,” vol. 14, no. 10, pp. 958-964, 2019. Doi: 10.12720/jcm.14.10.958-964.