A COBIT5 Framework for IoT Risk Management

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Faride Latifi, Houman Zarrabi

Faride Latifi and Houman Zarrabi. A COBIT5 Framework for IoT Risk Management. International Journal of Computer Applications 170(8):40-43, July 2017. BibTeX

	author = {Faride Latifi and Houman Zarrabi},
	title = {A COBIT5 Framework for IoT Risk Management},
	journal = {International Journal of Computer Applications},
	issue_date = {July 2017},
	volume = {170},
	number = {8},
	month = {Jul},
	year = {2017},
	issn = {0975-8887},
	pages = {40-43},
	numpages = {4},
	url = {http://www.ijcaonline.org/archives/volume170/number8/28094-2017914933},
	doi = {10.5120/ijca2017914933},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


The use of an information technology management framework has a major influence on organizational success. This article focuses on the field of Internet of Things (IoT) management. In this study, a number of risks in the field of IoT are investigated; then, through a review of a number of COBIT5 risk management schemes, some associated strategies, objectives and roles are provided. According to in-depth studies of this area, using the best practices of COBIT5 is expected to be very effective, and the use of this standard considerably improves criteria such as performance, cost and time. Finally, the paper proposes a framework which reflects the best practices and achievements in the field of IoT risk management.




IT Management Framework, IoT, COBIT5, Efficiency, Cost