PRESS is an acronym used in the project for the “Privacy, data pRotection, Ethics, Security & Societal” analysis, aiming to provide guidelines on security of information within the project. eBOS has contributed to the IoT-NGIN PRESS analysis by exploring the current societal concerns regarding information security in the context of data transfers. In view of the societal concerns linked to information security practices, eBOS suggests the risk and impact approach. Assessing risks and impacts alongside mitigating measures is an approach that allows a proactive response to an underlying problem rather than a reaction after the event.
Nowadays, standard security requirements are expected to be met when developing new systems, and information security is considered throughout the development lifecycle. In the IoT-NGIN project, information security practices regarding data exchanges concern technologies such as sensing devices, consumer electronics, drones, robots/cobots and smart meters, and the assessment of their general compliance with legal frameworks, protocols and standards was described in the project’s PRESS analysis.
Within the IoT-NGIN project, eBOS suggests a risk and impact assessment approach to monitor each of the technologies presented in the project, to assess the level of information security. The risk requirements are assigned to specific work parts and project work packages for easier and more targeted actions. A continuous and dynamic assessment of the prevailing risks and of the data collected/produced by the project is to be added to a risk registry and data inventory. Furthermore, evaluation of the impact of these risks within the framework of the PRESS context must be performed and linked to the risk assessment function.
To complete the cycle of vigilance, eBOS stresses the importance of addressing the risks with mitigating actions. Such actions include clear communication paths to all consortium members that would emphasize the need for proper data management and precautionary actions, as well as an easy avenue for monitoring until the end of the project. Additionally, continuous monitoring of the data collection and exchange within the project’s technologies and partners is a great tool for ensuring further compliance with security policies and standards.