{"id":"https://openalex.org/W4400582574","doi":"https://doi.org/10.1145/3660770","title":"On the Contents and Utility of IoT Cybersecurity Guidelines","display_name":"On the Contents and Utility of IoT Cybersecurity Guidelines","publication_year":2024,"publication_date":"2024-07-12","ids":{"openalex":"https://openalex.org/W4400582574","doi":"https://doi.org/10.1145/3660770"},"language":"en","primary_location":{"id":"doi:10.1145/3660770","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3660770","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102442321","display_name":"Jesse Chen","orcid":"https://orcid.org/0009-0001-1741-5531"},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jesse Chen","raw_affiliation_strings":["University of Arizona, Tucson, USA"],"raw_orcid":"https://orcid.org/0009-0001-1741-5531","affiliations":[{"raw_affiliation_string":"University of Arizona, Tucson, USA","institution_ids":["https://openalex.org/I138006243"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083834096","display_name":"Dharun Anandayuvaraj","orcid":"https://orcid.org/0000-0001-6191-1180"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Dharun Anandayuvaraj","raw_affiliation_strings":["Purdue University, West Lafayette, USA"],"raw_orcid":"https://orcid.org/0000-0001-6191-1180","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013948143","display_name":"James C. Davis","orcid":"https://orcid.org/0000-0003-2495-686X"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James C. Davis","raw_affiliation_strings":["Purdue University, West Lafayette, USA"],"raw_orcid":"https://orcid.org/0000-0003-2495-686X","affiliations":[{"raw_affiliation_string":"Purdue University, West Lafayette, USA","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028738303","display_name":"Sazzadur Rahaman","orcid":"https://orcid.org/0000-0002-1258-6470"},"institutions":[{"id":"https://openalex.org/I138006243","display_name":"University of Arizona","ror":"https://ror.org/03m2x1q45","country_code":"US","type":"education","lineage":["https://openalex.org/I138006243"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sazzadur Rahaman","raw_affiliation_strings":["University of Arizona, Tucson, USA"],"raw_orcid":"https://orcid.org/0000-0002-1258-6470","affiliations":[{"raw_affiliation_string":"University of Arizona, Tucson, USA","institution_ids":["https://openalex.org/I138006243"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6895,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.75118489,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"1","issue":"FSE","first_page":"1400","last_page":"1423"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9896000027656555,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9832000136375427,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/guideline","display_name":"Guideline","score":0.7443949580192566},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6231088042259216},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.6152903437614441},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5338002443313599},{"id":"https://openalex.org/keywords/best-practice","display_name":"Best practice","score":0.4234165847301483},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3697763681411743},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.16552528738975525}],"concepts":[{"id":"https://openalex.org/C2780182762","wikidata":"https://www.wikidata.org/wiki/Q1630279","display_name":"Guideline","level":2,"score":0.7443949580192566},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6231088042259216},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.6152903437614441},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5338002443313599},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.4234165847301483},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3697763681411743},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.16552528738975525},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3660770","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3660770","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5299999713897705,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":55,"referenced_works":["https://openalex.org/W397180395","https://openalex.org/W409344806","https://openalex.org/W1515587369","https://openalex.org/W1550884769","https://openalex.org/W1971765404","https://openalex.org/W1980722144","https://openalex.org/W1993957541","https://openalex.org/W2010924234","https://openalex.org/W2020584411","https://openalex.org/W2042720915","https://openalex.org/W2057895711","https://openalex.org/W2076587863","https://openalex.org/W2085881150","https://openalex.org/W2091847390","https://openalex.org/W2117254507","https://openalex.org/W2150656895","https://openalex.org/W2266751702","https://openalex.org/W2353739181","https://openalex.org/W2508433864","https://openalex.org/W2547513165","https://openalex.org/W2574271863","https://openalex.org/W2620457578","https://openalex.org/W2622958941","https://openalex.org/W2767005192","https://openalex.org/W2902144080","https://openalex.org/W2921988748","https://openalex.org/W2929305171","https://openalex.org/W2939359430","https://openalex.org/W2945564149","https://openalex.org/W2955138751","https://openalex.org/W2963143916","https://openalex.org/W2978817023","https://openalex.org/W3021196514","https://openalex.org/W3087893721","https://openalex.org/W3088417404","https://openalex.org/W3125140672","https://openalex.org/W3135773993","https://openalex.org/W3160783671","https://openalex.org/W3183915986","https://openalex.org/W4200356851","https://openalex.org/W4206465275","https://openalex.org/W4210939681","https://openalex.org/W4230067439","https://openalex.org/W4242704521","https://openalex.org/W4243927228","https://openalex.org/W4248813531","https://openalex.org/W4250691433","https://openalex.org/W4289982952","https://openalex.org/W4296132168","https://openalex.org/W4307091486","https://openalex.org/W4307396975","https://openalex.org/W4308562523","https://openalex.org/W4379434895","https://openalex.org/W4385532640","https://openalex.org/W6756436152"],"related_works":["https://openalex.org/W2002383399","https://openalex.org/W644644594","https://openalex.org/W2339422290","https://openalex.org/W2506073049","https://openalex.org/W642180557","https://openalex.org/W2397653702","https://openalex.org/W4233871529","https://openalex.org/W2338818750","https://openalex.org/W2365451219","https://openalex.org/W2415869793"],"abstract_inverted_index":{"Cybersecurity":[0],"concerns":[1],"of":[2,4,37,91,140,188,194,203],"Internet":[3],"Things":[5],"(IoT)":[6],"devices":[7],"and":[8,27,35,54,68,72,99,127,138,143,148,169,176,183,218],"infrastructure":[9],"are":[10,43,174],"growing":[11],"each":[12,141,215],"year.":[13],"In":[14,80,132,209],"response,":[15],"organizations":[16],"worldwide":[17],"have":[18,56],"published":[19],"IoT":[20,38,78,96],"security":[21,149,227],"guidelines":[22,42,98,190],"to":[23,146],"protect":[24],"their":[25,52,73],"citizens":[26],"customers":[28],"by":[29,48],"providing":[30],"recommendations":[31,69,103,145,173,178],"on":[32],"the":[33,111,129,136,152,186,189,195,204,207],"development":[34],"operation":[36],"systems.":[39],"While":[40],"these":[41,85],"being":[44],"adopted,":[45],"e.g":[46],".":[47],"US":[49],"federal":[50],"contractors,":[51],"content":[53],"merits":[55],"not":[57,64],"been":[58],"critically":[59],"examined.":[60],"Specifically,":[61],"we":[62,83,116,134,211],"do":[63],"know":[65],"what":[66],"topics":[67],"they":[70,154,224],"cover":[71],"effectiveness":[74],"at":[75,107],"preventing":[76],"real-world":[77],"failures.":[79],"this":[81],"paper,":[82],"address":[84,225],"gaps":[86,164],"through":[87],"a":[88,119,222],"qualitative":[89],"study":[90,128],"guidelines.":[92,109,208],"We":[93,157],"collect":[94],"142":[95],"cybersecurity":[97],"sample":[100],"them":[101],"for":[102],"until":[104],"reaching":[105],"saturation":[106],"25":[108],"From":[110],"resulting":[112],"958":[113],"unique":[114],"recommendations,":[115],"iteratively":[117],"develop":[118],"hierarchical":[120],"taxonomy":[121],"following":[122],"grounded":[123],"theory":[124],"coding":[125],"principles":[126],"guidelines\u2019":[130],"comprehensiveness.":[131],"addition,":[133],"evaluate":[135],"actionability":[137],"specificity":[139],"recommendation":[142],"match":[144],"CVEs":[147,205],"failures":[150,196],"in":[151,165,214],"news":[153,199],"can":[155,179],"prevent.":[156],"report":[158,212],"that:":[159],"(1)":[160],"Each":[161],"guideline":[162],"has":[163],"its":[166],"topic":[167],"coverage":[168],"comprehensiveness;":[170],"(2)":[171],"87.2%":[172],"actionable":[175],"38.7%":[177],"prevent":[180],"specific":[181],"threats;":[182],"(3)":[184],"although":[185],"union":[187],"mitigates":[191],"all":[192],"17":[193],"from":[197],"our":[198],"stories":[200],"corpus,":[201],"21%":[202],"evade":[206],"summary,":[210],"shortcomings":[213],"guideline\u2019s":[216],"depth":[217],"breadth,":[219],"but":[220],"as":[221],"whole":[223],"major":[226],"issues.":[228]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}