- This topic has 1 voice and 0 replies.
-
Posts
-
-
Uber was once again in the news last week as it announced it will pay a $148 million settlement to all US states and the District of Columbia for waiting a year to report a data breach and taking active steps to hide it in the meantime.
Tony West, the taxi-booking app provider’s chief legal officer, placed this in a positive light: the settlement signals Uber will from now on “do the right thing.” The implication, of course, is that Uber could have avoided this settlement if it had done the right thing at the time of the breach by informing affected customers and drivers.
But what does the phrase mean? It is an emotive and subjective phrase, requiring context and a common frame of reference for all parties to make a judgement. Consider the case of security in IoT.
Doing the right thing in the context of deploying and using secure IoT technologies will depend on use cases. There are currently many guidelines and regulations to influence behaviours among IoT vendors and enterprises.
The GSMA launched its IoT Security Guidelines in February 2016, an industry-collaborated working document which recommends practical advice for mobile operators and the IoT communities in addressing common cybersecurity threats, and protecting data privacy issues related to IoT services. The European Union Agency for Network and Information Security (ENISA) then followed in November 2017 with a reference report, Baseline Security Recommendations for IoT in the Context of Critical Information Infrastructures. And the Industrial Internet Consortium’s (IEC) Industrial Internet Security Framework and the Internet of Things Security Foundation’s (IOTSF) IoT Security
-
- You must be logged in to reply to this topic.
