CFP last date
20 January 2026
Call for Paper
February Edition
IJCA solicits high quality original research papers for the upcoming February edition of the journal. The last date of research paper submission is 20 January 2026

Submit your paper
Know more
The week's pick
Responsive image
DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities

Joy Selasi Agbesi
Random Articles
Reseach Article

Integrating Policy and Technology: Toward Standardized IoT Cybersecurity Practices

by Janet M. Maluki
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 63
Year of Publication: 2025
Authors: Janet M. Maluki
10.5120/ijca2025926046

Janet M. Maluki . Integrating Policy and Technology: Toward Standardized IoT Cybersecurity Practices. International Journal of Computer Applications. 187, 63 ( Dec 2025), 44-54. DOI=10.5120/ijca2025926046

@article{ 10.5120/ijca2025926046,
author = { Janet M. Maluki },
title = { Integrating Policy and Technology: Toward Standardized IoT Cybersecurity Practices },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2025 },
volume = { 187 },
number = { 63 },
month = { Dec },
year = { 2025 },
issn = { 0975-8887 },
pages = { 44-54 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number63/integrating-policy-and-technology-toward-standardized-iot-cybersecurity-practices/ },
doi = { 10.5120/ijca2025926046 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-12-18T17:50:00.629775+05:30
%A Janet M. Maluki
%T Integrating Policy and Technology: Toward Standardized IoT Cybersecurity Practices
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 63
%P 44-54
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The rapid expansion of the Internet of Things (IoT) has amplified the complexity of cybersecurity governance, exposing critical gaps between technological innovation and regulatory enforcement. This study investigates how IoT cybersecurity policies can be integrated with emerging technical solutions to promote standardized, resilient, and compliant security practices. Using a systematic literature review, comparative case analysis, and the development of a Conceptual Policy–Technology Integration Framework (CPTIF), the research synthesizes evidence from 80 peer-reviewed studies published between 2018 and 2025. Findings reveal that advancements in intrusion detection, lightweight cryptography, and secure communication have strengthened IoT defense capabilities, fragmented governance, weak enforcement mechanisms, and policy lag continue to hinder effective alignment. The proposed CPTIF bridges this divide by linking policy instruments, such as standards, certification, and compliance mechanisms, with technical safeguards through adaptive governance and stakeholder collaboration. Grounded in Systems Theory and Socio-Technical Systems Thinking, the framework conceptualizes IoT cybersecurity as a dynamic ecosystem where policy and technology co-evolve to sustain resilience, interoperability, and trust. The study contributes to both scholarship and practice by offering a structured model for harmonizing governance and innovation in IoT security. It highlights the need for adaptive policy models, compliance-by-design, and international cooperation to achieve consistent protection across jurisdictions. Future research should focus on empirically validating the CPTIF across domains such as healthcare, industrial IoT, and smart cities to assess its practical effectiveness and scalability.

References
  1. Statista, “Number of Internet of Things (IoT) connected devices worldwide 2019–2030.” 2023.
  2. W. Xu and Y. Fan, “Intrusion Detection Systems Based on Logarithmic Autoencoder and XGBoost,” Secur. Commun. Networks, vol. 2022, 2022, doi: 10.1155/2022/9068724.
  3. I. Alrashdi, A. Alqazzaz, E. Aloufi, R. Alharthi, and M. Zohdy, “Adversarial machine learning in IoT intrusion detection systems,” IEEE Access, vol. 8, pp. 81612–81621, 2020.
  4. M. Zolanvari, M. A. Teixeira, R. Jain, K. Khan, and N. Meskin, “Machine learning-based network security for IoT: A survey,” IEEE Internet Things J., vol. 8, no. 12, pp. 9446–9469, 2021.
  5. M. A. Ferrag, O. Friha, L. Maglaras, H. Janicke, and L. Shu, “Federated Deep Learning for Cyber Security in the Internet of Things: Concepts, Applications, and Experimental Analysis,” IEEE Access, vol. 9, no. October, pp. 138509–138542, 2021, doi: 10.1109/ACCESS.2021.3118642.
  6. F. Hussain, R. Hussain, S. A. Hassan, and E. Hossain, “Machine learning in IoT security: Current solutions and future challenges,” IEEE Commun. Surv. Tutorials, vol. 24, no. 2, pp. 1234–1270, 2022.
  7. European Union Agency for Cybersecurity, “IoT cybersecurity certification framework.” 2021.
  8. N. I. of Standards and Technology, “NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers.” 2021. [Online]. Available: https://www.nist.gov/
  9. NIST, “Baseline Security Considerations for IoT Devices.” 2021.
  10. F. Al-Turjman and M. Abujubbeh, “IoT-enabled cybersecurity challenges in smart cities: A survey,” Trans. Emerg. Telecommun. Technol., vol. 31, no. 12, p. e4205, 2020.
  11. M. Abomhara and M. Gerdes, “Toward Policy–Technology Alignment for IoT Security: A Review of Regulatory Gaps,” Comput. Secur., vol. 118, p. 102725, 2022, doi: 10.1016/j.cose.2022.102725.
  12. E. U. A. for Cybersecurity, “IoT Risk Management and Certification Framework.” 2021. [Online]. Available: https://www.enisa.europa.eu/
  13. U. Shafique, S. Ali, and A. Rashid, “IoT Policy Frameworks in Developing Economies: A Review of Emerging Challenges,” Int. J. Inf. Manage., vol. 58, p. 102437, 2021, doi: 10.1016/j.ijinfomgt.2020.102437.
  14. R. Ahmed, A. Nazir, and I. Khalil, “Reinforcement learning-enabled adaptive security in IoT: A comprehensive survey,” Futur. Gener. Comput. Syst., vol. 148, pp. 393–411, 2024, doi: 10.1016/j.future.2023.11.009.
  15. M. A. Ferrag, L. Maglaras, and H. Janicke, “A survey on security for IoT-based healthcare,” Futur. Internet, vol. 12, no. 1, pp. 1–27, 2020.
  16. M. Babar, N. Tariq, and M. A. Jan, “Lightweight cryptography for IoT: A comprehensive survey,” IEEE Access, vol. 9, pp. 28177–28201, 2021.
  17. K. Nguyen, N. Vu, D. Nguyen, and K. Than, “Random Generative Adversarial Networks,” ACM Int. Conf. Proceeding Ser., pp. 66–73, 2022, doi: 10.1145/3568562.3568589.
  18. T. Qiu, Y. Tian, J. Ma, and F. Xia, “Blockchain-based security solutions for IoT: A survey,” ACM Comput. Surv., vol. 55, no. 6, pp. 1–36, 2022.
  19. European Commission, “The EU Cybersecurity Act.” 2020.
  20. MTR, ETSI EN 303 645. CYBER; Cyber Security for Consumer Internet of Things, vol. 1. 2019. [Online]. Available: https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf
  21. S. Ahmed, R. Khan, and B. Musa, “Bridging Policy and Technical Standards in IoT Cybersecurity: A Comparative Analysis,” J. Inf. Secur. Appl., vol. 73, p. 103461, 2023, doi: 10.1016/j.jisa.2023.103461.
  22. S. Khan, I. Ahmed, and A. Rehman, “Policy perspectives on IoT cybersecurity in emerging economies,” Telecomm. Policy, vol. 45, no. 7, p. 102155, 2021.
  23. M. Zhang, “Unsupervised Learning Algorithms in Big Data: An Overview,” Proc. 2022 5th Int. Conf. Humanit. Educ. Soc. Sci. (ICHESS 2022), pp. 910–931, 2022, doi: 10.2991/978-2-494069-89-3_107.
  24. M. Haque, A. Khan, and D. Alahakoon, “Socio-Technical Perspectives on IoT Security Governance: A Systems Theory Approach,” Comput. Ind., vol. 132, p. 103521, 2021, doi: 10.1016/j.compind.2021.103521.
  25. G. L. Nguyen, B. Dumba, Q. D. Ngo, H. V. Le, and T. N. Nguyen, “A collaborative approach to early detection of IoT Botnet,” Comput. Electr. Eng., vol. 97, no. December 2020, p. 107525, 2022, doi: 10.1016/j.compeleceng.2021.107525.
  26. A. Hussain and M. S. Wolde, “Password Security Assessment of IoT-Devices,” 2022.
  27. M. Zolanvari, M. A. Teixeira, and R. Jain, “Machine learning-based intrusion detection for industrial IoT networks,” IEEE Internet Things J., vol. 8, no. 10, pp. 8570–8582, 2021, doi: 10.1109/JIOT.2021.3050937.
  28. A. R. Khan, M. Kashif, R. H. Jhaveri, R. Raut, T. Saba, and S. A. Bahaj, “Deep Learning for Intrusion Detection and Security of Internet of Things (IoT): Current Analysis, Challenges, and Possible Solutions,” Secur. Commun. Networks, vol. 2022, 2022, doi: 10.1155/2022/4016073.
  29. N. I. of Standards and Technology, “NISTIR 8259: Foundational Cybersecurity Activities for IoT Device Manufacturers.” 2021. [Online]. Available: https://www.nist.gov/
  30. S. Kemp, “Exploring public cybercrime prevention campaigns and victimization of businesses: A Bayesian model averaging approach,” Comput. Secur., vol. 127, p. 103089, 2023, doi: 10.1016/j.cose.2022.103089.
  31. S. Ahmed, R. Khan, and B. Musa, “Bridging Policy and Technical Standards in IoT Cybersecurity: A ComparativeAnalysi,” J. Inf. Secur. Appl., vol. 73, p. 103461, 2023, doi: 10.1016/j.jisa.2023.103461.
  32. M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke, “Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning,” IEEE Access, vol. 10, pp. 40281–40306, 2022, doi: 10.1109/ACCESS.2022.3165809.
  33. D. C. Nguyen, M. Ding, and P. N. Pathirana, “Federated learning for Internet of Things: A comprehensive survey,” IEEE Commun. Surv. Tutorials, vol. 24, no. 1, pp. 1–36, 2022.
  34. Y. Z. Zhang et al., “A New Ensemble Learning Method for Multiple Fusion Weighted Evidential Reasoning Rule,” J. Electr. Comput. Eng., vol. 2023, 2023, doi: 10.1155/2023/8987461.
  35. S. Wang, J. Tang, and H. Liu, “Encyclopedia of Machine Learning and Data Science,” Encycl. Mach. Learn. Data Sci., no. October 2017, 2020, doi: 10.1007/978-1-4899-7502-7.
  36. E. U. A. for Cybersecurity, “IoT Risk Management and Certification Framework.” 2021. [Online]. Available: https://www.enisa.europa.eu/
  37. E. Commission, “The EU Cybersecurity Act.” 2020. [Online]. Available: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act
  38. U. J. Umoga, E. O. Sodiya, O. O. Amoo, and A. Atadoga, “A critical review of emerging cybersecurity threats in financial technologies A critical review of emerging cybersecurity threats in financial technologies,” no. February, 2024, doi: 10.30574/ijsra.2024.11.1.0284.
  39. T. Posselt, N. Abdelkafi, L. Fischer, and C. Tangour, “Opportunities and challenges of Higher Education institutions in Europe: An analysis from a business model perspective,” High. Educ. Q., vol. 73, no. 1, pp. 100–115, 2019, doi: 10.1111/hequ.12192.
  40. NIST, “THE NIST CYBERSECURITY You may have heard about the,” Cyber Secur. Polit., pp. 1–4, 2020.
  41. D. Wright, N. Tomic, S. Portesi, and L. Marinos, ENISA Cybersecurity market analysis framework (ECSMAF) V2.0, vol. 0, no. MARCH. 2023. [Online]. Available: www.enisa.europa.eu.
  42. Department for Digital, Culture, Media and Sport, “Code of Practice for Consumer IoT Security.” 2020.
  43. OECD-FAO Agricultural Outlook 2022-2031. 2022.
  44. O. for Economic Co-operation and Development, “Digital Security and IoT Governance Recommendations.” 2024. [Online]. Available: https://www.oecd.org/digital/
  45. S. Ahmed, M. Patel, and X. Liu, “Performance trade-offs in class-imbalanced IoT intrusion detection datasets,” IEEE Internet Things J., vol. 10, no. 2, pp. 1080–1092, 2023.
Index Terms

Computer Science
Information Sciences

Keywords

IoT cybersecurity policy–technology integration adaptive governance standardization compliance resilience conceptual framework

Powered by PhDFocusTM