Cybersecurity Risk Analysis and Management in IoT Environments: The MARISMA-IoT Pattern


Abstract

The Internet of Things (IoT) paradigm has emerged as a key enabler for enhancing efficiency, security, and data management across heterogeneous domains, ranging from smart homes to critical infrastructures. Nevertheless, its rapid proliferation introduces significant cybersecurity challenges. A single vulnerability, even within an apparently innocuous device, may suffice to compromise the entire interconnected technological ecosystem, thereby resulting in severe operational and economic repercussions. Conventional risk assessment methodologies prove inadequate for addressing the distributed, heterogeneous, and dynamic characteristics of IoT ecosystems. These environments are distinguished by the continuous incorporation of new devices, node mobility, and vendor diversity, all of which hinder comprehensive risk management. To address these challenges, this study introduces an innovative approach grounded in MARISMA, a comprehensive risk management framework, and its extension, eMARISMA, a cloud-based environment providing advanced real-time monitoring and analytical capabilities. This approach enables efficient, flexible, and scalable management of risks associated with IoT devices. Moreover, a domain-specific risk pattern tailored for IoT is proposed, aligned with internationally recognized standards and frameworks such as NIST, ENISA, and ISO/IEC 27001, thereby ensuring compliance with global best practices. Finally, a case study conducted in a smart home environment illustrates the applicability of the proposed solution, demonstrating its effectiveness in facilitating risk mitigation, strengthening resilience against emerging threats, and enabling the secure integration of novel devices.
