Objectives for IoT Risk Mitigation

Successful implementations of IoT systems have two overarching components:

  • a positive Return on Investment (ROI), and
  • a positive, or at least neutral, impact on the institution’s cyber risk profile.

Both of these components require thoughtful selection, implementation, and management of IoT systems, involving multiple stakeholders, departments, and organizations across the University.

The IoT Risk Mitigation Strategy program will help the University develop the capability and capacity to evaluate whether a particular IoT system has delivered the value expected for the real costs incurred in its acquisition, deployment, and ongoing operation. The strategy and program will include a framework for evaluating IoT systems under consideration as well. The evaluation process will include estimating impacts to cybersecurity and cyber risk before and after implementation.

In order to coordinate and work across UW organizations and departments to accomplish these objectives, a four ‘pillar’ strategy has been developed:
policy,outreach and education, threat awareness, interorganizational coordination

The individual and mutually supporting aspects of all four of these areas will enhance the University’s capabilities and capacities in the course of choosing, implementing, and operating and managing IoT systems across the institution.

If you have questions regarding selection, implementation, and operation of IoT systems, please contact ciso@uw.edu.