New IoT Security Maturity Model Profile from Object Management Group/Industrial Internet Consortium Targets Retail Industry

Share Article

Guidance to help retail establishments determine security requirements

https://www.omg.org/

International technology standards consortium Object Management Group® (OMG®) and the Industrial Internet Consortium® (IIC™), which accelerates the adoption of industry Internet of Things (IoT), announced the first vertical profile for the recently released v1.2 of the IoT Security Maturity Model (SMM) Practitioner’s Guide. Targeted specifically for the retail industry, IoT SMM: Retail Profile for Point-of-Sale Devices will help retail organizations determine the right level of investment to meet their security needs.

“Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats,” said Andy Mattice, Co-chair, OMG Retail Domain Task Force, and Solutions Enablement at Lexmark. “New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.”

The IoT SMM: Retail Profile for Point-of-Sale Devices, which builds on concepts identified in the IIC Industrial Internet Security Framework (originally published in 2016) and the IoT SMM Practitioner’s Guide v1.2 (originally published in 2019 and recently updated), helps retail organization stakeholders determine their security needs. First, business stakeholders use the model to define security goals and objectives tied to risks. Then, technical teams within the retail organization, or third-party assessment vendors, map these objectives into tangible security techniques and capabilities, and identify an appropriate target security maturity level.

The IoT SMM: Retail Profile for Point-of-Sale Devices includes practice tables that delve into retail industry-specific requirements. When conducting current state assessments, organizations can use the profile to evaluate their actual maturity level and compare it to the target.

“The IoT SMM: Profile for Retail Point-of-Sale Devices is the result of strong collaboration between the OMG Retail Domain Task Force and the IIC Security Applicability Task Group,” said Ron Zahavi, Co-chair, OMG Board, IIC Steering Committee. “The white paper will enable retail establishments to take a structured, top-down approach toward setting goals and a means to assess the current security state, trading off investment against risk in a sensible manner.”

Retail organizations may improve their security state by making continued security assessments and improvements over time, up to their required level.

The IoT SMM: Retail Profile for Point-of-Sale Devices is a joint work product of the OMG Retail Domain Task Force, chaired by Andy Mattice, Lexmark, and Leonid Rubhakin, Aptos, and the IIC Security Applicability Task Group, chaired by Ron Zahavi, OMG Board and IIC Steering Committee. OMG and IIC members who contributed to the document can be found here on the OMG website and here on the IIC website.

About Industrial Internet Consortium
The Industrial Internet Consortium® is the world’s leading organization delivering transformative business value to organizations, industry, and society by accelerating adoption of a trustworthy internet of things. The Industrial Internet Consortium is a program of the Object Management Group (OMG). For more information visit http://www.iiconsortium.org.

About OMG
The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium with representation from government, industry, and academia. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries. OMG's modeling standards enable powerful visual design, execution and maintenance of software and other processes. Visit http://www.omg.org for more information.

Note to editors: Object Management Group, OMG, and Industrial Internet Consortium are registered trademarks of the Object Management Group. For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks or registered trademarks are the property of their respective owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Karen Quatromoni
Visit website