{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T11:55:19Z","timestamp":1777895719262,"version":"3.51.4"},"reference-count":83,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100015539","name":"Cyber Security Research Centre Ltd., funded through the Australian Government\u2019s Cooperative Research Centres Programme","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100015539","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3109886","type":"journal-article","created":{"date-parts":[[2021,9,3]],"date-time":"2021-09-03T20:06:28Z","timestamp":1630699588000},"page":"121975-121995","source":"Crossref","is-referenced-by-count":159,"title":["A Review of Security Standards and Frameworks for IoT-Based Smart Environments"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5173-9268","authenticated-orcid":false,"given":"Nickson M.","family":"Karie","sequence":"first","affiliation":[]},{"given":"Nor Masri","family":"Sahri","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7800-2215","authenticated-orcid":false,"given":"Wencheng","family":"Yang","sequence":"additional","affiliation":[]},{"given":"Craig","family":"Valli","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4071-4596","authenticated-orcid":false,"given":"Victor R.","family":"Kebande","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref73","year":"2021","journal-title":"The Coding Rules to Deliver Resilient and Scalable Software"},{"key":"ref72","year":"2020","journal-title":"Privacy Act 2020—New Zealand Legislation"},{"key":"ref71","year":"2021","journal-title":"TC CYBER Roadmap"},{"key":"ref70","year":"2021","journal-title":"10 Steps to Cyber Security"},{"key":"ref76","year":"2021","journal-title":"SCAP Standards"},{"key":"ref77","year":"2021","journal-title":"ISO\/IEC 27000 family of standards"},{"key":"ref74","year":"2021","journal-title":"Securing Cloud Services for the Federal Government"},{"key":"ref39","author":"ross","year":"2020","journal-title":"Security and privacy controls for information systems and organizations"},{"key":"ref75","year":"2021","journal-title":"The Federal Information Security Modernization Act (FISMA)"},{"key":"ref38","year":"2021","journal-title":"NIST Risk Management Framework-RMF"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1109\/ICCES.2017.8275309"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.30958\/ajl.3-3-2"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-017-0087-4"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/2398356.2398377"},{"key":"ref31","first-page":"119","article-title":"A risk assessment framework and software toolkit for cloud service ecosystems","author":"djemame","year":"2011","journal-title":"Proc Int Conf Cloud Comput GRIDs Virtualization"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/3078272"},{"key":"ref37","year":"2018","journal-title":"Framework for Improving Critical Infrastructure Cybersecurity"},{"key":"ref36","author":"mutune","year":"2021","journal-title":"Top Cybersecurity Frameworks"},{"key":"ref35","year":"2014","journal-title":"Cybersecurity Framework"},{"key":"ref34","author":"dawson","year":"2019","journal-title":"The Most Influential Security Frameworks of All Time"},{"key":"ref60","author":"wynn","year":"2014","journal-title":"Threat assessment & remediation analysis (tara)"},{"key":"ref62","year":"2021","journal-title":"IASME Governance Audited"},{"key":"ref61","article-title":"Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) framework, version 1.0","author":"alberts","year":"2018"},{"key":"ref63","year":"2020","journal-title":"IASME Consortium to Deliver IoT Certification Using Crossword Cybersecurity’s Rizikon Assurance Platform"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46873.2019.9047745"},{"key":"ref64","year":"2021","journal-title":"HITRUST CSF—One Framework One Assessment Globally"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-13-8618-3_26"},{"key":"ref65","year":"2021","journal-title":"CIS Controls"},{"key":"ref66","year":"2021","journal-title":"COBIT"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1002\/dac.4228"},{"key":"ref67","year":"2021","journal-title":"Protective Security Requirements"},{"key":"ref68","year":"2021","journal-title":"Committee of Spnsoring Organizations of the Treadway Commission"},{"key":"ref69","year":"2020","journal-title":"Essential eight maturity model"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ETSecIoT50046.2020.00009"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.3390\/info7030044"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-73676-1_11"},{"key":"ref22","first-page":"304","article-title":"Privacy mining from IoT-based smart homes","author":"lee","year":"2018","journal-title":"Proc Int Conf Broadband Wireless Comput Commun Appl (BWCCA)"},{"key":"ref21","author":"chris","year":"2018","journal-title":"Internet of Things Challenges in Storage and Data"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/1140\/1\/012006"},{"key":"ref23","year":"2020","journal-title":"Privacy and the Internet of Things"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3017221"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2018.2801944"},{"key":"ref50","year":"2021","journal-title":"Cybersecurity Maturity Model Certification"},{"key":"ref51","author":"christopher","year":"2018","journal-title":"The cybersecurity maturity model A means to measure and improve your cybersecurity program"},{"key":"ref59","year":"2021","journal-title":"SOC 2—SOC for Service Organizations Trust Services Criteria"},{"key":"ref58","year":"2021","journal-title":"What is GDPR the EU’s new data protection law?"},{"key":"ref57","year":"2018","journal-title":"Security for Industrial Automation and Control Systems—Part 4–1 Secure Product Development Lifecycle Requirements"},{"key":"ref56","year":"2021","journal-title":"CIP Standard"},{"key":"ref55","year":"1300"},{"key":"ref54","year":"2020","journal-title":"The FFIEC Cybersecurity Assessment Tool A Framework for Measuring Cybersecurity Risk and Preparedness in the Financial Industry"},{"key":"ref53","year":"2021","journal-title":"Cybersecurity Assessment Tools"},{"key":"ref52","year":"2021","journal-title":"Cybersecurity capability maturity model (C2M2) program"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.3390\/app10124102"},{"key":"ref11","first-page":"383","article-title":"Security issues in the Internet of Things (IoT): A comprehensive study","volume":"8","author":"razzaq","year":"2017","journal-title":"Int J Adv Comput Sci Appl"},{"key":"ref40","author":"lefkovitz","year":"2020","journal-title":"NIST Privacy Framework An Overview"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1109\/FiCloud.2016.57"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/s42979-020-00201-3"},{"key":"ref14","first-page":"1","article-title":"Privacy and security issues in IoT based smart home applications","volume":"6","author":"gadiyar","year":"2018","journal-title":"Int J Eng Res Technol"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1108\/S1548-6435(2005)0000002006"},{"key":"ref82","year":"1996","journal-title":"Health Information Privacy"},{"key":"ref16","first-page":"1","article-title":"Evaluating privacy and security threats in IoT-based smart home environment","volume":"14","author":"nagarkar","year":"2019","journal-title":"Int J Appl Eng Res"},{"key":"ref81","author":"joey","year":"2016","journal-title":"Adaptive challenge and the leadership challenge"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/EISIC.2016.044"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/1032761"},{"key":"ref83","year":"2021","journal-title":"ETSI standard"},{"key":"ref19","article-title":"Smart homes: Security challenges and privacy concerns","author":"hall","year":"2020","journal-title":"arXiv 2010 15394"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-020-07446-4"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.18517\/ijaseit.8.1.2115"},{"key":"ref3","author":"c\u00e9dric","year":"2015","journal-title":"Security and Resilience of Smart Home Environments Good Practices and Recommendations"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICIRD.2018.8376320"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2016.7815675"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.23919\/IConAC.2017.8082057"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.23919\/MIPRO.2017.7973622"},{"key":"ref49","year":"2021","journal-title":"What is PCI Compliance?"},{"key":"ref9","first-page":"1","article-title":"Internet of threats introspection in dynamic intelligent virtual sensing","author":"kebande","year":"2020","journal-title":"Proc 1st Workshop Cyber-Phys Social Syst (CPSS)"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-53r1"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-14"},{"key":"ref48","year":"2021","journal-title":"Maintaining Payment Security"},{"key":"ref47","year":"2021","journal-title":"Family Educational Rights and Privacy Act"},{"key":"ref42","author":"ross","year":"2018","journal-title":"Risk Management Framework for Information Systems and Organizations A System Life Cycle Approach for Security and Privacy"},{"key":"ref41","author":"blank","year":"2012","journal-title":"Guide for Conducting Risk Assessments"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-12r1"},{"key":"ref43","author":"locke","year":"2011","journal-title":"Managing Information Security Risk—Organization Mission and Information System View"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09528421.pdf?arnumber=9528421","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:55:27Z","timestamp":1639770927000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9528421\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":83,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3109886","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}