Author:
Henry Narits

Doctoral defence: Abasi-amefon Obot Affia “A Framework and Teaching Approach for IoT Security Risk Management”

On 18 December at 10:15 am, Abasi-amefon Obot Affia will defend her doctoral thesis "A Framework and Teaching Approach for IoT Security Risk Management" to obtain the degree of Doctor of Philosophy (Computer Science).

Supervisors:
Prof. Raimundas Matulevicius, Institute of Computer Science, UT;
Assoc. Prof. Alexander Nolte, Institute of Computer Science, UT.

Opponents:
Prof. Guttorm Sindre, Norwegian University of Science and Technology (Norway);
Prof. Jari Porras, LUT University and Aalto University (Finland).

Summary
The growing number of network-capable devices in the Internet of Things (IoT) has brought significant security risks. However, current IoT security risk management frameworks often overlook IoT architecture analysis, resulting in research gaps and implementation challenges. This study presents the IoTA-SRM framework, which considers IoT architecture as an input for security risk analysis, enabling comprehensive risk management at multiple layers.
Two case studies were conducted to assess the validity of the IoTA-SRM framework. The first case study explored the security risks of the entire IoT system. In contrast, the second case study concentrated on a specific pilot feature, such as an MQTT autonomous traffic light system. These case studies provided insights into the applicability of the framework and its importance in addressing security concerns and bolstering system security by identifying and mitigating risks across IoT architecture layers.
While the IoTA-SRM framework provides a comprehensive approach to IoT security risk management, the challenge lies in ensuring its practical implementation. To address this, we propose a hackathon learning model as a teaching strategy to guide the effective application of the IoTA-SRM framework. Hackathons provide hands-on training, enabling participants to apply the framework in real-world scenarios. Tailored interventions were developed and refined through action research cycles to facilitate an effective learning environment within hackathon settings. Evaluation results confirm the model's ability to foster practical learning of the framework, promote sustainable practices, and provide practical learning experiences that engage stakeholders.
The combined approach of the framework and the hackathon learning model equips stakeholders with skills to effectively manage IoT security risks, addressing IoT systems' complex nature. The proposed hackathon learning model facilitates practical implementation, fostering understanding and helping stakeholders navigate IoT security challenges.


The defence can also be followed in Zoom (Meeting ID: 978 0147 0180, Passcode: ati).