Exploring Risk Analysis Methods in IoE Projects: A Smart Campus Use Case

The IoT is an ICT development paradigm based on technological evolution. The underlying vision is an increasingly sensorized world, where all phenomena can be virtually digitised and processed by machines, interacting to improve humanity’s quality of life. This transformation has taken place at breakneck speed. In a few years, the Internet began to be mainly used by machines, whose number and variety have increased exponentially, in symbiosis with humans, giving rise to the Internet of Everything (IoE) concept. Among the challenges in pursuing this primary objective, information security is one of the most relevant. Security flaws imply a loss of trust, compromising the acceptance and use of the entire system. Analysing risks and anticipating problems is imperative for any project in this field. However, the traditional risk analysis (RA) methods aiming at isolated Information Systems must be revised, given the complexity and dependence between systems in the IoE. Furthermore, traditional RA is performed periodically, usually annually, while the threat landscape linked to IoE changes more rapidly, demanding new approaches. This paper presents a survey of RA methods that have been applied in this context, justifying and demonstrating their adjustments to a particular case of a Smart Campus project. The results demonstrate the method’s usefulness for planning adequate techniques to achieve the security-by-design and by-default principle.