You are here: Home Contents V19 N3 V19N3_Lapke.html
Personal tools

Envisioning Organizational IoT: Embracing Design Science to Address the IoT Vulnerabilities



Full text

Journal of Information Systems Security
Volume 19, Number 3 (2023)
Pages 183194
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Michael Lapke — Christopher Newport University, USA
Jackson Walker — Christopher Newport University, USA
Malayo Magee — Christopher Newport University, USA
Information Institute Publishing, Washington DC, USA




Understanding the security risks associated with the expanding use of Internet of Things (IoT) devices is crucial for organizations. This paper utilizes the design-science methods approach (Hevner, 2004) to guide the development, assessment and communication of the design of an IoT threat detection artifact to better understand how this hazard can be managed in organizations. At this stage of the research the artifact has been developed and evaluated. This paper will focus on the development process and description of the developed artifact. The plan for the ensuing case study as part of future research will also be discussed.




Internet of Things (IoT), Design Science, Secure Development.




Alaba, F., Othman, M., Hashem, I., Alotaibi, F. (April 2017). Internet of Things security: A survey, Journal of Network and Computer Applications. Vol. 88, pp. 10-28.

Beck, K. (1999). Extreme Programming Explained: Embrace Change. Addison-Wesley. ISBN-13: 978-0201616415.

Bisson, D. (Oct., 2015), Ransomware Victims Should 'Just Pay the Ransom,' Says the FBI, Tripwire, Integrity Management,

Cyber Security Summit. (2015). New York City Cyber Security Summit, The Official Cyber Security Summit,

Fiorillo, T. (2014). Target Hackers Broke in via HVAC Company, Krebs on Security, 5 Feb,

Fowler, M., and Highsmith, J. (2001). The agile manifesto. Software development, 9(8), 28-35.

Furnell, S., Bada, M., and Kaberuka, J. (2023). Assessing Organizational Awareness and Acceptance of Digital Security by Design. Journal of Information Systems Security, 19(1).

Hevner, A., March, S., Park, J., and Ram, S. (2004). Design Science in Information Systems Research, Management Information Systems Quarterly. Vol. 28, No. 1, pp. 75-105.

Meneghello, F. Calore, M. Zucchetto, D. Polese, M., and Zanella, A. (2019). IoT: Internet of threats? A survey of practical security vulnerabilities in real IoT devices, IEEE Internet Things Journal, vol. 6, no. 5, pp. 8182–8201.

Neisse, R., Steri, G., Fovino, I. N., and Baldini, G. (2015). SecKit: a model-based security toolkit for the internet of things. computers and security, 54, 60-76. Oz, H., Aris, A., Levi, A., and Uluagac, A. (2022). A survey on Ransomware: Evolution, Taxonomy, and Defense Solutions, ACM Computing Surveys, Vol. 54, No. 11s, Article 238.

R4iot: When ransomware meets internet of things. (2022, June 1). Retrieved December 14, 2022, from

Svoboda, J., Ghafir, I., and Prenosil, V. (2015). Network Monitoring Approaches: An Overview, International Journal of Advances in Computer Networks and Its Security, Vol. 5, No 2.

Strous, L., Solms, S., and Zúquete, A. (2020). Security and privacy of the Internet of Things, Computers and Security. Vol. 102, no. 102148, pp. 1-3.

Waraga, O. A., Bettayeb, M., Nasir, Q., and Talib, M. A. (2020). Design and implementation of automated IoT security testbed. Computers and security, 88, 101648.

Zanella, A., Bui, N., Castellani, A., Vangelista, L., and Zorzi, M. (2014). Internet of Things for smart cities, IEEE Internet Things Journal. Vol. 1, no 1, pp. 22-32.