Elements and Performance Criteria
- Develop evaluation strategy
- Research and determine an organisation’s requirements for evaluation of IoT devices
- Research organisational operations, environment and culture and determine perceived threats and vulnerabilities
- Develop and document evaluation strategy according to organisational requirements, policies and procedures
- Submit evaluation strategy to required personnel and seek and respond to feedback
- Prepare to valuate IoT devices
- Prepare devices for evaluation according to technical specifications
- Secure data and networks according to technical specifications
- Run evaluation according to documented strategy and organisational policies and procedures
- Confirm and document identified vulnerabilities and threats according to organisational policies and procedures
- Document evaluation results according to organisational guidelines and requirements
- Interpret and finalise findings
- Analyse evaluation findings and determine completeness and accuracy
- Categorise negative findings into threats and vulnerability and determine level of potential impact to operational activities
- Develop and document recommendations to remediate threat potential and lessen vulnerabilities
- Document finalised results and recommendations according to organisational requirements
- Lodge documentation according to organisational policies and procedures