INTERNET OF THINGS CYBER SECURITY ASSESSMENT MODEL AND METRICS
Abstract
In Uganda, there is a general lack of a specific model and appropriate metrics for evaluating IoT
cyber security. To provide an informed basis for decision-making by policymakers, industry
participants, and the public, a model and metrics in the domains of IoT cyber security readiness,
intensity, and adoption are necessary. Previous cyber security research efforts have concentrated
on general computer security. In recent years, the use of mobile devices and IoT-based devices
and networks has increased, resulting in the emergence of the IoT cyber security problem.
However, establishing IoT cyber
security is difficult due to IoTs' intelligence, connectivity, sensing, and energy characteristics,
which must be carefully analyzed if IoT cyber security is to be maintained. This thesis, which is
based on a combination of qualitative and quantitative research, addresses the IoT cyber security
metrics challenge in Uganda by establishing a model and metrics to assess the level of IoT cyber
security in the domains of readiness, intensity, and acceptance. The research was based on the
Technology Acceptance Model (TAM) and the Diffusion of Innovations (DOI) theory with the
Socio-Technical Systems Theory (STS) providing the theoretical underpinning. The
researcher utilised methodology triangulation involving a questionnaire in each of the research
domains and structured interviews. In order to address the research objectives and answer the
research question, the researcher first identified metrics that lead to increased IoT cyber
security readiness, intensity, and adoption in Uganda. The thesis then presented a model, and an
IoT cyber security metric, the IoT cyber security Assessment Index (ICSAM) that can be used to
assess the state of IoT cyber security in Uganda, and other developing countries based on three
sub-indices namely, IoT cyber security readiness (ICSR), IoT cyber security intensity (ICSI), and
IoT cyber security adoption (ICSA), respectively across nine (9) constructs. These constructs
were found to significantly explain the variation of the respective sub-indices in studies related to
each of the research objectives. This thesis proposes an IoT cyber security specific model, and
composite IoT cyber security assessment metric across the three domains of the IoT cyber
security eco-system, namely readiness, intensity, and adoption designed for assessing IoT cyber
security in Uganda, and other developing countries. Currently, general cyber security models and
metrics are used to estimate the state of IoT cyber security. The model was validated by
subject matter experts using the Delphi method, and the results appropriately validated the ICSAM model.
The ICSAM computation algorithm can be easily automated, and the sub-index and construct
weights can be varied to reflect the priorities of a particular decision modeler to suit a given developing
country’s special requirements. The major limitation of the study was that the findings and
implications of the study were based on the information received from the respondents in
Kampala and Wakiso Districts due to the constraints of finance and time. However, because IoT
technology users are dispersed across the country, this left a lot of information untapped. The
study recommends further studies focused on developing a model for the implementation of IoT
technologies in Uganda.
