Name of CSRF | Owner | IoT focus areas | Strengths | Weakness | Industries used/applied | IoT risk assessment approach | CIA coverage (Y/N) | IoT published standards |
---|---|---|---|---|---|---|---|---|
NIST | NIST | Standards, Technology, Partnerships, Publications, Market Intelligence, and government adoption | More valuable framework for managing cyber risks and excellent for disaster and recovery planning | Framework is documented but is not an automated tool. No quantification of risk. | Manufacturing, insurance, healthcare, financial, government, and security/risk consultancy firms | Compliance (standards and guidelines with documentation) | Y | Yes |
OCTAVE | Octave Allegro | Information assets of the organization | Standardized questionnaire is used to explore and classify recovery impact areas | No quantification method for calculating recovery | Smart homes, aimed at companies with limited resources | Qualitative method | Y | No |
TARA | Intel | Threat Susceptibility Analysis and Risk Remediation Analysis | Predictive framework for most crucial exposures | No quantification of risk impact | Manufacturing, insurance, healthcare, financial | Qualitative method | N | Yes |
ISO | ISO with 164 national standard bodies | Global standardization of risk assessment | Promotes standardization of cyber risk and follows international experience and knowledge | International standardization requires a level of compulsory compliance | Small business or corporate, government or private | Compliance (standards and guidelines with documentation) | Y | Yes |