Table 5 Risk rank calculation for IoT device protection

From: IoT cyber risk: a holistic analysis of cyber risk assessment frameworks, risk vectors, and risk ranking process

| IoT risk vector | Quantitative weightage (W) | Risk score (S) | Rank = W × S | Description/implication |
|---|---|---|---|---|
| IoT device does not have a unique built-in identifier | 75 | 0.8 | 60 (medium) | Remote access and vulnerability management are affected |
| IoT device's external dependencies are not revealed by the manufacturer | 60 | 0.7 | 42 (medium) | Managing the risk of external software and services is not possible |
| Patches or upgrades for the IoT device are not released by the manufacturer | 50 | 0.6 | 30 (low) | Known vulnerabilities cannot be removed |
| IoT device is not capable of having its software patched or upgraded | 60 | 0.6 | 36 (medium) | Known vulnerabilities cannot be removed |
| No vulnerability scanner that can run on or against the IoT device | 60 | 0.6 | 36 (medium) | Cannot automatically identify known vulnerabilities |
| The IoT device does not support the concealment of displayed password characters | 80 | 0.7 | 56 (medium) | Increases the likelihood of credential theft |
| The IoT device does not support strong credentials (cryptographic tokens or multifactor authentication) | 95 | 0.9 | 85 (high) | Tampering through credential misuse is possible |
| The IoT device does not support enterprise user authentication system | 90 | 0.8 | 72 (medium) | Each user needs more credentials |
| The IoT device is not able to log its operational and security events | 70 | 0.6 | 42 (medium) | Probability of detecting malicious activities is very low |