Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (IoT) devices?
A. B. C. D.D.
To ensure data transfer integrity for Internet of Things (IoT) devices, an IS auditor should first determine how the devices are connected to the local network.
Explanation:
IoT devices often connect to the local network over wireless links, which increases the risk of unauthorized access to the network and of data breaches. Therefore, the IS auditor should first identify the type of network that the devices are connected to and the security measures in place to protect that network from unauthorized access.
Once the IS auditor has determined how the devices are connected to the local network, they can then assess the security controls in place to ensure the integrity of the data transferred between the devices and the database where the data is stored.
Option A, verifying access control lists to the database where collected data is stored, is a good security control to ensure data confidentiality, but it does not address the issue of data transfer integrity.
Option B, confirming acceptable limits of data bandwidth for each device, is important to ensure that the devices do not consume excessive bandwidth, but it does not address data transfer integrity.
Option C, ensuring that message queue telemetry transport (MQTT) is used, is a good security control to ensure that data is securely transferred between devices and the database where the data is stored, but it assumes that MQTT is the only protocol used for data transfer.
In summary, the IS auditor should first determine how the IoT devices are connected to the local network to identify the security controls in place and assess the risks of unauthorized access. Only then can the auditor evaluate the security controls to ensure the integrity of the data transfer between the devices and the database where the data is stored.