New IoT security maturity model profile targets retail industry

September 1, 2020

International technology standards consortium Object Management Group® (OMG®) and the Industrial Internet Consortium® (IIC™) announced the first vertical profile for the recently released v1.2 of the IoT Security Maturity Model (SMM) Practitioner’s Guide. Targeted specifically for the retail industry, IoT SMM: Retail Profile for Point-of-Sale Devices will help retail organizations determine the right level of investment to meet their security needs.

“Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats,” said Andy Mattice, Co-chair, OMG Retail Domain Task Force, and Solutions Enablement at Lexmark. “New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.”

The IoT SMM: Retail Profile for Point-of-Sale Devices, which builds on concepts identified in the IIC Industrial Internet Security Framework (originally published in 2016) and the IoT SMM Practitioner’s Guide v1.2 (originally published in 2019 and recently updated), helps retail organization stakeholders determine their security needs. First, business stakeholders use the model to define security goals and objectives tied to risks. Then, technical teams within the retail organization, or third-party assessment vendors, map these objectives into tangible security techniques and capabilities, and identify an appropriate target security maturity level.

The IoT SMM: Retail Profile for Point-of-Sale Devices includes practice tables that delve into retail industry-specific requirements. When conducting current state assessments, organizations can use the profile to evaluate their actual maturity level and compare it to the target.

“The IoT SMM: Profile for Retail Point-of-Sale Devicesis the result of strong collaboration between the OMG Retail Domain Task Force and the IIC Security Applicability Task Group,” said Ron Zahavi, Co-chair, OMG Board, IIC Steering Committee. “The white paper will enable retail establishments to take a structured, top-down approach toward setting goals and a means to assess the current security state, trading off investment against risk in a sensible manner.”

Retail organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.

The IoT SMM: Retail Profile for Point-of-Sale Devices is a joint work product of the OMG Retail Domain Task Force, chaired by Andy Mattice, Lexmark, and Leonid Rubhakin, Aptos, and the IIC Security Applicability Task Group, chaired by Ron Zahavi, OMG Board and IIC Steering Committee. OMG and IIC members who contributed to the document can be found here on the OMG website and here on the IIC website.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.

In this webinar, we review the results of a benchmark study that asked security professionals about their past, present and future outlook on manned guarding. Want to know what your peers are saying about their weekly billed hours? Join us to find out!

New IoT security maturity model profile targets retail industry

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

New IoT security maturity model profile targets retail industry

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.