"Standards Body Publishes Guidelines for IoT Security Testing"

A leading industry standards community called the Anti-Malware Testing Standards Organization (AMTSO) has published its first guidelines for the testing of IoT security products in a bid to drive independent benchmarking and certification efforts. AMTSO board member, Vlad Iliushin, argued that this is a currently under-served space, meaning users still don't have good enough visibility into the pros and cons of products on the market. Iliushin noted that the testing of IoT security solutions is quite different from anti-malware testing as they need to protect a wide variety of different smart devices in businesses and homes, so the setup of the test environment can be challenging. The guidelines cover six key areas:

General principles that all tests and benchmarks focus on validating end results and performance rather than back-end functionality.
Sample selection, involving guidance for challenges with choosing the right samples for IoT security solution benchmarking.
Determination of "detection," as IoT security solutions work differently from traditional cybersecurity products regarding detections and actions taken.
Test environment, including advice for testers who choose not to execute in a controllable environment using real devices.
Testing of specific security functionality in different attack stages such as reconnaissance, initial access, and execution.
Performance benchmarking.

Infosecurity reports: "Standards Body Publishes Guidelines for IoT Security Testing"

Submitted by Anonymous on Thu, 09/01/2022 - 09:30