RAM-IoT: Risk Assessment Model for IoT-Based Critical Assets

Kayode Adewole; Kayode Adewole; Andreas Jacobsson; Andreas Jacobsson; Paul Davidsson; Paul Davidsson

doi:10.5220/0013200800003944

RAM-IoT: Risk Assessment Model for IoT-Based Critical Assets

Kayode Adewole, Kayode Adewole, Andreas Jacobsson, Andreas Jacobsson, Paul Davidsson, Paul Davidsson

2025

Abstract

As the number of Internet of Things (IoT) devices continues to grow, understanding and mitigating potential vulnerabilities and threats is crucial. With IoT devices becoming ubiquitous in critical sectors like healthcare, transportation, energy, and industrial automation, identifying and addressing risks is increasingly important. A comprehensive risk management approach enables IoT stakeholders to safeguard user data and privacy, as well as system integrity. Existing risk assessment frameworks focus on qualitative risk analysis methodologies, such as operationally critical threat, asset, and vulnerability evaluation (OCTAVE). However, security risk assessment, particularly for IoT ecosystem, demands both qualitative and quantitative risk assessment. This paper proposes RAM-IoT, a risk assessment model for IoT-based critical assets that integrates qualitative and quantitative risk assessment approaches. A multi-criteria decision making (MCDM) approach based on fuzzy Analytic Hierarchy Process (fuzzy AHP) is proposed to address the subjective assessment of the IoT risk analysts and their corresponding stakeholders. The applicability of the proposed model is illustrated through a use case connected to service delivery in the IoT. The proposed model provides a guideline to researchers and practitioners on how to quantify the risks targeting assets in IoT, thereby providing adequate support for protecting IoT ecosystems.

Download

Paper Citation

in Harvard Style

Adewole K., Jacobsson A. and Davidsson P. (2025). RAM-IoT: Risk Assessment Model for IoT-Based Critical Assets. In Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS; ISBN 978-989-758-750-4, SciTePress, pages 191-198. DOI: 10.5220/0013200800003944

in Bibtex Style

@conference{iotbds25,
author={Kayode Adewole and Andreas Jacobsson and Paul Davidsson},
title={RAM-IoT: Risk Assessment Model for IoT-Based Critical Assets},
booktitle={Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS},
year={2025},
pages={191-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013200800003944},
isbn={978-989-758-750-4},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Internet of Things, Big Data and Security - Volume 1: IoTBDS
TI - RAM-IoT: Risk Assessment Model for IoT-Based Critical Assets
SN - 978-989-758-750-4
AU - Adewole K.
AU - Jacobsson A.
AU - Davidsson P.
PY - 2025
SP - 191
EP - 198
DO - 10.5220/0013200800003944
PB - SciTePress