Article

Cybersecurity Conceptual Framework Applied to Edge Computing and Internet of Things Environments

by Ricardo Emmanuel Reyes-Acosta 1,*, Ricardo Mendoza-González 1,*, Edgar Oswaldo Diaz 2, Miguel Vargas Martin 3, Francisco Javier Luna Rosas 1, Julio César Martínez Romo 4 and Alfredo Mendoza-González 2
1 Department of Systems and Computing, Tecnológico Nacional de México/IT Aguascalientes, Aguascalientes 20256, Mexico
2 Group of Systems Engineering, National Institute of Statistics and Geography (INEGI), Aguascalientes 20276, Mexico
3 Faculty of Business and Information Technology, Ontario Tech University, Oshawa, ON L1G 0C5, Canada
4 Electrical and Electronics Engineering Department, Tecnológico Nacional de México/IT Aguascalientes, Aguascalientes 20256, Mexico
* Authors to whom correspondence should be addressed.
Electronics 2025, 14(11), 2109; https://doi.org/10.3390/electronics14112109
Submission received: 15 April 2025 / Revised: 14 May 2025 / Accepted: 16 May 2025 / Published: 22 May 2025
(This article belongs to the Special Issue Data Security and Data Analytics in Cloud Computing)

Abstract

The objective of this research was to propose a conceptual cybersecurity framework aimed at guiding developers in generating and implementing technological solutions for Edge Computing and Internet of Things (IoT) environments. The framework integrates NIST standards and SecDevOps practices, and was developed based on an extensive literature review, synthesizing evidence-based knowledge to offer a comprehensive perspective on actions necessary to address cybersecurity challenges in these environments. The core element of the framework, Govern, led to four primary components: Identify, Protect, Detect, and Respond and Recover. Each component outlines specific actions for identifying cybersecurity vulnerabilities, implementing strategies, and prioritizing privacy and integrity requirements. In order to establish a solid theoretical foundation of the proposal, the framework was conceptually validated through a qualitative method for collecting feedback from a panel of 35 experts from industry, government, and academia. Evaluators confirmed the framework’s relevance, highlighting its integration of NIST standards and SecDevOps practices. This combination is regarded as offering a modular and effective approach for aligning cybersecurity practices with governance principles, addressing cybersecurity challenges, enhancing compliance readiness, supporting secure development, and fostering resilient architectures in IoT and Edge Computing environments. The findings of this evaluation are perceived as promising, since the proposal is considered potentially beneficial to the field of cybersecurity by providing a structured practical framework that could serve as a foundational tool for strengthening security practices in Edge Computing and IoT environments.

1. Introduction

In an era of increasing digitalization, the rapid proliferation of Internet of Things (IoT) devices and the growing adoption of Edge Computing have significantly transformed the digital ecosystem, enabling a vast array of interconnected systems to process data with low latency and high efficiency [1]. However, this technological advancement has also introduced a high and evolving level of security and privacy concerns [2]. Many IoT devices are limited, often lacking robust encryption, authentication protocols, and secure firmware update mechanisms, making them highly susceptible to a wide range of cyber threats, such as malware infections, unauthorized access, and distributed denial-of-service (DDoS) attacks [2,3,4,5]. In this context, cybersecurity has become a critical concern for organizations and individuals alike [2,6]. As cyber threats continue to evolve in complexity and sophistication, protecting sensitive data, infrastructure, and services from malicious actors is more essential than ever [6]. The rise of Edge Computing and the Internet of Things (IoT) has introduced new security challenges, including decentralized attack surfaces, resource-constrained devices, and real-time processing requirements, necessitating a more adaptive and integrated cybersecurity approach [7,8]. Edge Computing environments, while enhancing responsiveness and decentralizing data processing, present additional security challenges, particularly due to the distributed nature of Edge nodes and their exposure to physical and remote attacks [4,9]. Critical vulnerabilities have been identified at multiple levels, including device, network, and data management, raising serious concerns regarding data integrity, confidentiality, and system availability [1,2,10]. According to [11], the most common cyber threats and attacks targeting IoT layers are categorized as follows:
  • Application Layer: The most frequent attacks include malware, viruses, and spyware. These are followed by malicious code injections, phishing, cross-site scripting (XSS), and botnet attacks.
  • Network Layer: Denial-of-service (DoS), replay attacks, and man-in-the-middle (MitM) attacks are the most prevalent. Other notable threats include selective forwarding, Sybil attacks, and sinkhole attacks.
  • Perception Layer: The most common threats are node capture and node tampering attacks. These are followed by eavesdropping and cyber-physical attacks.
As highlighted in [12], wireless sensor networks (WSNs) are rapidly evolving and have become a foundational component of the Internet of Things (IoT). However, their increasing deployment has expanded the attack surface, making them susceptible to a wide range of security threats. The most critical among these include DoS attacks, sinkhole attacks, Sybil attacks, spoofing, data tampering, and malicious traffic injection. On the other hand, major security threats in cloud environments, including Edge Computing, encompass data loss, data forgery, MitM attacks, and DoS attacks [13].
Traditional cybersecurity measures, while effective in centralized computing environments, often struggle to adapt to the dynamic and distributed nature of modern computing architectures [14,15]. Emerging strategies, such as lightweight cryptography, AI-driven anomaly detection, blockchain-based integrity assurance, and secure boot processes, have shown promise, but remain insufficiently integrated into holistic frameworks capable of securing the entire IoT and Edge Computing lifecycle, from device manufacturing and deployment to operation and decommissioning [6,7,16]. In this context, the research presented in [17] provides a comprehensive analysis of 18 prior studies, and concludes that the effectiveness of machine learning (ML) in mitigating and preventing cyberattacks is most pronounced at the network layer, followed by the application layer, and finally the hardware layer.
Moreover, the absence of standardized defense mechanisms and the lack of alignment between industry practices and regulatory compliance frameworks further exacerbate the risk landscape [3,18]. As adversaries increasingly exploit the convergence of the IoT, cloud computing, and artificial intelligence (AI), it becomes imperative to design proactive, scalable, and layered cybersecurity architectures that not only defend against known attack vectors, but also adapt to emerging threats in real time [15,19]. These challenges demand a comprehensive cybersecurity framework that ensures proactive threat detection, automated security enforcement, and continuous monitoring to safeguard Edge and IoT ecosystems [20]. There is no doubt that the National Institute of Standards and Technology (NIST) Cybersecurity Framework represents an excellent starting point. As explained in [12,21], the NIST framework effectively covers all identified threats, suggesting that it can resolve many cybersecurity issues. However, new and emerging threats may not yet be explicitly covered. While the NIST Framework offers significant advantages, its adoption in environments such as Edge Computing and the IoT presents challenges [12]. The framework traditionally assumes an IT security model whose implementation may, at times, lack the agility required for rapid adaptation to emerging threats, particularly in decentralized infrastructures [22]. Additionally, human vulnerability emerges as the primary threat due to factors such as insufficient training, inadequate awareness, and human error, which can easily lead to severe incidents; findings indicate that human vulnerabilities (human errors, negligence, lack of awareness, insufficient training, and susceptibility to social engineering) significantly increase the risk of successful cyberattacks [21].
On the other hand, to address the need for greater flexibility and automation, agile methodologies like DevSecOps have emerged as transformative approaches to integrating security into the software development lifecycle. DevSecOps promotes a culture of continuous security integration, automation, and collaboration between development, security, and operations teams. By embedding security controls within continuous integration and continuous delivery (CI/CD) pipelines, DevSecOps enables real-time vulnerability assessment, rapid remediation, and proactive risk mitigation [23]. DevSecOps often focuses on software development and deployment, leaving gaps in broader cybersecurity governance, risk management, and compliance areas where the NIST framework excels [24].
In this context, the development of a comprehensive cybersecurity framework tailored specifically for IoT and Edge Computing environments is essential [15,16,25]. Such a framework must integrate advanced threat detection techniques, resilient identity and access management, privacy-preserving data protection mechanisms, and support for international cybersecurity standards, through an environment that bridges the gap between the structured risk management approach of the NIST Cybersecurity Framework and the agile, automation-driven nature of DevSecOps [3,15,16].
This article aims to address these gaps by proposing a novel cybersecurity framework that leverages the strengths of both methodologies, ensuring comprehensive, adaptive, and proactive security for decentralized, high-risk environments. By combining NIST’s strategic cybersecurity governance with DevSecOps’ automation and continuous security integration, this framework aims to enhance threat detection, response efficiency, and overall resilience in modern computing ecosystems.

2. Related Work

The NIST Cybersecurity Framework (CSF), developed by the National Institute of Standards and Technology, provides a structured approach to managing cybersecurity risks that is widely adopted in enterprise settings [26]. The framework is organized around five core functions: Identify, Protect, Detect, Respond, and Recover. The Identify function focuses on understanding the organizational context by cataloging assets, assessing risks, and establishing governance structures. Protect emphasizes the implementation of safeguards, such as access controls and data encryption, to ensure system integrity. The Detect function involves continuous monitoring to identify cybersecurity events promptly. Respond outlines processes for mitigating incidents, including incident analysis and communication, while Recover aims to restore capabilities and services post incident through resilience planning.
In enterprise environments, the NIST CSF is valued for its flexibility and risk-based methodology, enabling organizations to align security practices with business objectives [27]. It is commonly integrated with standards like NIST SP 800-53 [28] to enforce compliance across sectors such as finance, healthcare, and critical infrastructure. Enterprises leverage its tiered implementation model to assess maturity and prioritize investments, making it a cornerstone of cybersecurity governance.
However, the NIST CSF exhibits limitations when applied to agile, distributed systems like Internet of Things (IoT) environments. Its design assumes centralized control and resource-rich infrastructures, which contrasts with IoT’s decentralized architecture, resource-constrained devices, and dynamic operational requirements [29]. The framework’s static risk assessment processes and lack of emphasis on rapid development cycles hinder its adaptability to the iterative, real-time demands of agile systems, necessitating enhancements for such contexts.
DevSecOps, an evolution of the DevOps paradigm, integrates security practices into the software development lifecycle (SDLC) to enhance agility and resilience in dynamic environments [30]. It operates through a series of iterative phases aligned with continuous integration and delivery workflows: Plan, Code, Build, Test, Release, Deploy, Operate, and Monitor. In the Plan phase, security requirements are defined alongside functional specifications. The Code and Build phases involve developing and compiling software with embedded security checks. Test incorporates automated vulnerability scans and compliance validation, while Release and Deploy ensure secure delivery to production. The Operate phase maintains system integrity, and Monitor leverages real-time analytics to detect anomalies, feeding insights back into the cycle.
Central to DevSecOps are principles such as shift-left security, which embeds security early in the SDLC to identify issues proactively, and continuous integration/continuous deployment (CI/CD) pipelines, which automate testing and deployment for rapid iteration [31]. Additional tenets include collaboration across development, security, and operations teams, and the use of infrastructure-as-code to standardize secure configurations. These principles enable DevSecOps to excel in rapid development, reducing time-to-market while maintaining security in fast-paced settings like cloud-native applications. Despite these strengths, DevSecOps lacks robust formal risk governance. It focuses on automation and agility and prioritizes tactical security over strategic risk management, often omitting comprehensive risk assessment frameworks or long-term governance structures [32]. This gap is particularly evident in complex ecosystems requiring standardized compliance, such as enterprise or regulated industries, where systematic risk prioritization is critical.
N. Tissir, et al. [33] present a comprehensive cybersecurity framework for cloud computing, addressing key threats, vulnerabilities, and risk management strategies. The study distinguishes between security and cybersecurity, aligning its approach with standards such as ISO 27032 [34], ISO 27001 [35], and the NIST Cybersecurity Framework. It offers practical guidelines for implementing cybersecurity policies and assessing organizational maturity, contributing to the development of secure, resilient cloud and Edge Computing environments.
A recent study by H. Taherdoost et al. [36] emphasizes cybersecurity as a foundational element in safeguarding data within increasingly interconnected digital ecosystems. Their study reviews widely adopted cybersecurity standards and frameworks, such as ISO 27001 and the NIST Cybersecurity Framework, highlighting their roles in establishing effective protection against cyber threats. By analyzing real-world applications across industries, the research offers actionable guidance for organizations seeking to align cybersecurity practices with their operational goals. This practical approach is particularly relevant for environments integrating IoT and Edge Computing technologies, where the complexity and scale of data flows demand well-structured, adaptive cybersecurity strategies.
A study by Alaa Khaleefah et al. [37] emphasizes that while the convergence of data networks, computing models, and distributed software has expanded the scope of cloud computing, it has also exposed significant security gaps. Key areas such as mutual entity trustworthiness, access controls, identity management, and data protection remain underdeveloped, necessitating stronger cybersecurity measures to detect and prevent threats. The study reviews existing cybersecurity frameworks (CSFs) from standard organizations like ISO and NIST, alongside frameworks proposed by researchers, outlining their characteristics and features. This analysis offers valuable insights into common elements that could inform the development of a generalized CSF model, providing a foundation for enhancing security in digitally interconnected systems.
Recent research by U. Igwenagu et al. [22] explores the development of an integrated cybersecurity risk management framework that unifies cloud computing security, database protection, and penetration testing. Drawing on survey data from 365 professionals in cybersecurity-related fields, the study uses descriptive statistics and PLS-SEM analysis to validate the effectiveness of this approach. The findings demonstrate that combining these strategies significantly reduces organizational vulnerabilities and incidents of data breaches. The research emphasizes the synergistic benefits of regular penetration testing, robust database security practices, and strict compliance with cloud security standards. Together, these elements form a comprehensive, adaptive defense mechanism that enhances resilience against an increasingly complex threat landscape. Particularly relevant to environments involving cloud computing and Edge Computing, the study advocates for a holistic, layered cybersecurity strategy capable of evolving alongside emerging technologies. This work reinforces the need for integrated frameworks that not only mitigate technical risks, but also align with broader organizational goals for secure digital transformation.
One study by M. Chauhan et al. [38] provides comprehensive analysis of leading cloud security frameworks, including COBIT5, NIST, ISO, CSA STAR, and AWS, to guide organizations in selecting and implementing effective security strategies for cloud-based systems. The study begins by contextualizing cloud technologies and associated vulnerabilities, then systematically compares the frameworks in terms of scope, implementation, strengths, limitations, and required tools. It further identifies major cloud-specific threats and attack vectors, assessing their impact and proposing targeted countermeasures. This comparative approach provides organizations with practical insights into aligning the right framework with their specific risk landscape. By focusing on the nuanced requirements of cloud environments, the research highlights the importance of adaptable, standards-based frameworks that can respond to evolving cybersecurity challenges. Particularly relevant for organizations leveraging Edge Computing and cloud computing, this work reinforces the need for informed framework selection to enhance organizational security and resilience in increasingly complex digital ecosystems.
The work presented by Awan et al. in [39] addresses the shortcomings of existing security solutions in dynamic and distributed IoT environments by proposing the SecEdge framework. This framework integrates transformer-based models for handling long-range dependencies and Graph Neural Networks (GNNs) for modeling relational data. The authors also incorporate federated learning to ensure data privacy and reduce latency. By continuously updating model parameters through adaptive learning mechanisms, SecEdge is designed to counter evolving cyber threats in real time, making it particularly suited for mobile IoT environments that require rapid adaptation to new attack vectors.
The importance of data privacy and integrity in the IoT ecosystem is underscored in [40], where Sandhyakumari et al. propose a comprehensive framework to address various cybersecurity challenges. This framework aims to mitigate risks associated with malware insertion, denial-of-service (DoS) attacks, and man-in-the-middle (MitM) assaults. Furthermore, it emphasizes the need for robust data privacy safeguards to ensure the integrity of the IoT supply chain and prevent tampering during manufacturing or distribution. Regulatory compliance, including adherence to standards such as GDPR and HIPAA, adds another layer of complexity, which this framework is designed to address, offering a holistic solution for IoT security.
Okegbile and Gambo, in [41], introduce an AI-driven security framework specifically designed to address the security and privacy requirements of Delay-Tolerant Networks (DTNs). This framework combines Long Short-Term Memory (LSTM) networks with transfer learning and differential privacy (DP) to enhance threat detection capabilities while preserving sensitive data. The authors investigate the effectiveness of their approach in improving detection accuracy and privacy preservation compared to traditional methods. This AI-driven framework provides a multi-layered security solution that can be applied to emerging cyber-physical systems such as DTNs, with potential applications in Edge and IoT environments, where real-time data transmission and privacy are critical.
Table 1 compares and summarizes the key elements of each study based on the following attributes: Study Title/Authors, Focus Area, Key Contributions, Cybersecurity Approach, Applicability to IoT/Edge Computing, and Limitations/Challenges.

3. Contribution

Considering the strengths and opportunities identified in the analysis of related work, the proposed cybersecurity conceptual framework merges the structured risk management principles of the NIST Cybersecurity Framework with the agility and automation of DevSecOps practices. The framework addresses the complexities of decentralized infrastructures and supports continuous and integrated cybersecurity operations. The main contributions of this research are summarized below:
  • Integrated security approach: Combines the structured, policy-based framework of the NIST with the automation and continuous integration capabilities of DevSecOps to provide a comprehensive security model.
  • Framework Design for Edge and IoT Contexts: Tailors the cybersecurity framework to address the specific needs and threats of distributed computing environments, such as Edge devices and IoT systems.
  • Support for Proactive Security: Embeds security throughout the software development lifecycle (SDLC), infrastructure deployment, and operational processes to enable continuous risk mitigation and security monitoring.
  • Incident Detection and Response: Ensures rapid threat detection and automated incident response mechanisms to improve system resilience and operational continuity.
  • Real-World Applicability: Demonstrates potential applications in critical sectors such as industrial IoT, smart cities, healthcare, and autonomous networks, where cybersecurity is vital for safety and performance.
  • Compliance Facilitation: Enhances continuous compliance with industry regulations through integrated security governance practices.
  • Foundation for Future Research: Provides a basis for empirical testing, expert validation, and real-world deployment, promoting iterative refinement and adaptation across diverse operational settings.

4. Methodology

To establish the proposed framework, a comprehensive literature review was conducted. This review involved a multivocal approach [42], during which a final pool (Final pool data URL: https://researchteamcomputingsystems.github.io/cybersecurityconceptualframework/final-pool.xlsx (accessed on 15 May 2025)) of 36 relevant sources was identified, including 29 research articles, 4 conference papers from international forums, and 3 reports from industry organizations. This initial selection was complemented by additional sources obtained using the Semantic Scholar tool [43], resulting in the identification of seven supplementary research articles. The sources selected were published between 2020 and 2024; however, three key sources from 2018 and 2019 were included, due to their significant relevance to our proposal.
Based on guidelines outlined in [44,45], a detailed review of the selected studies was conducted through a comparative analysis, aimed at synthesizing the data by identifying similarities and differences across them. The tasks involved in this process included the following:
  • Data Extraction: The relevant data were systematically extracted from each source, focusing on key elements such as the context of the problem, proposed solutions, results obtained, and conclusions drawn.
  • Categorization and Coding: The extracted information was categorized into thematic areas to facilitate comparison. The categories identified were as follows:
    • Cybersecurity-Related
      • Cybersecurity
      • Security
    • Industry-Related
      • Smart industry
      • Industry 4.0
      • Industry 5.0
    • Theoretical-Related
      • Framework
      • Industrial standards
      • Regulatory compliance
      • Security standards
      • Best practices
      • Assessment methodologies
    • Technology-Related
      • Cyber-physical systems
      • Cloud computing
      • Edge Computing
      • Fog computing
      • Machine learning
      • Deep learning
      • Internet of Things
      • Industrial Internet of Things
      • Blockchain
      • Artificial intelligence
  • Analysis of Differences and Similarities: The extracted data were analyzed for both similarities and discrepancies across sources, considering aspects such as context, perspective, and accuracy.
  • Interpretation and Synthesis: The findings from the comparative analysis were synthesized to provide a comprehensive and critical view of the existing knowledge base. This allowed us to define the core elements to be integrated into the proposed framework.
This methodology facilitated the identification of patterns and consistency across the information, as well as a deeper understanding of the diverse perspectives addressing the complex challenge of establishing appropriate cybersecurity frameworks for smart industries.
To validate the proposed framework, an expert evaluation strategy was implemented through the following general actions (see Section 6 for more details), following recommendations from [46,47]:
  • Participant Selection: The first step was to define the profile of the participants. Specifically, software developers with advanced knowledge in cybersecurity were chosen, ensuring that they possessed the necessary expertise to assess the technical aspects and applicability of the proposal.
  • Recruitment of Participants: Participants were recruited from various software development companies based in Mexico and the United States of America, and from universities in Mexico and Ecuador, ensuring a diverse range of professional backgrounds and experiences. Selected participants were recognized for their expertise in the fields of cybersecurity and software development.
  • Survey Design: An online survey was developed to gather demographic information from the participants, as well as their experience and technical perception regarding the foundational principles, relevance, and feasibility of implementing the proposed framework. The survey was designed to capture both quantitative and qualitative data that would provide insights into the participants’ views.
Figure 1 presents a summary of the methodology followed for this research.
Note: It is important to mention that the color palette chosen for the following figures in this article is intended to be color-blind friendly.
Figure 1. General flowchart to summarize research methodology.

5. Proposed Framework

5.1. Summary

The escalating complexity of Edge Computing and Internet of Things (IoT) ecosystems necessitates a novel cybersecurity approach that balances structured risk management with agile security practices. This section introduces a “Cybersecurity Framework Applied to Edge Computing and Internet of Things Environments”, a theoretical model that integrates the NIST Cybersecurity Framework (CSF) with DevSecOps methodologies to address the unique security challenges of distributed, resource-constrained environments.
This framework has been designed to secure Edge Computing and IoT deployments by combining the NIST CSF’s systematic risk management functions with DevSecOps’ iterative, security-integrated development processes. The framework targets the protection of decentralized architectures, such as smart grids, autonomous vehicles, and industrial IoT, where traditional centralized security models falter (see Figure 2).

5.2. Synergy

The proposed framework leverages the complementary strengths of the NIST CSF and DevSecOps to create a cohesive security strategy. The NIST CSF provides a structured foundation through its risk-based functions. For instance, the “Identify” function maps assets and vulnerabilities across distributed Edge nodes, while “Protect” implements tailored safeguards, like lightweight encryption (e.g., AES-128), suitable for resource-limited devices. Conversely, DevSecOps enhances this structure with agility and automation. Its shift-left security principle embeds threat modeling and static code analysis (ESLint 9.27.0) into the “Code” and “Build” phases of Edge software development, while CI/CD pipelines automate the deployment of security patches across thousands of IoT devices in near-real time.
The synergy manifests in the interplay between governance and execution. The NIST CSF’s risk profiles inform DevSecOps’ security gates within CI/CD workflows, ensuring that automated processes align with organizational risk priorities.
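The interplay described above can be sketched as a pipeline gate whose thresholds come from a governance-owned risk profile rather than from the pipeline itself. This is an added example, not code from the article or its authors; the tier names, severity scale, waiver model, and all identifiers are assumptions made for illustration.

```python
"""Risk-profile-driven security gate for a CI/CD stage (added illustration)."""
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical risk profile (assumption): per asset tier, the lowest severity
# that blocks a release and the budget of lesser findings that is tolerated.
RISK_PROFILE = {
    "safety-critical": {"block_at": "medium", "max_open": 0},
    "business-critical": {"block_at": "high", "max_open": 2},
    "non-production": {"block_at": "critical", "max_open": 10},
}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    component: str


@dataclass(frozen=True)
class Waiver:
    """A documented risk acceptance; it stops applying after `expires`."""
    rule_id: str
    component: str
    expires: date


@dataclass(frozen=True)
class GateResult:
    passed: bool
    blocking: tuple
    tolerated: tuple
    waived: tuple
    reason: str


def evaluate_gate(tier, findings, waivers, today, profile=RISK_PROFILE):
    """Decide whether a build for an asset of `tier` may proceed."""
    policy = profile.get(tier)
    if policy is None:
        # Fail closed: an asset with no risk profile has not been governed yet.
        return GateResult(False, (), (), (), f"no risk profile for tier {tier!r}")

    block_rank = SEVERITY_RANK[policy["block_at"]]
    active = {(w.rule_id, w.component) for w in waivers if w.expires >= today}

    blocking, tolerated, waived = [], [], []
    for f in findings:
        # Unknown severities are treated as critical rather than ignored.
        rank = SEVERITY_RANK.get(f.severity.lower(), SEVERITY_RANK["critical"])
        if (f.rule_id, f.component) in active:
            waived.append(f.rule_id)
        elif rank >= block_rank:
            blocking.append(f.rule_id)
        else:
            tolerated.append(f.rule_id)

    if blocking:
        reason = f"{len(blocking)} finding(s) at or above '{policy['block_at']}'"
    elif len(tolerated) > policy["max_open"]:
        reason = f"{len(tolerated)} open findings exceed budget {policy['max_open']}"
    else:
        reason = "within risk tolerance"
    passed = not blocking and len(tolerated) <= policy["max_open"]
    return GateResult(passed, tuple(blocking), tuple(tolerated), tuple(waived), reason)


# Constructed sample scanner output and waivers (not real data).
SAMPLE_FINDINGS = [
    Finding("hardcoded-credential", "critical", "edge-gateway-fw"),
    Finding("weak-tls-config", "high", "edge-gateway-fw"),
    Finding("verbose-error", "low", "telemetry-agent"),
    Finding("outdated-dependency", "medium", "telemetry-agent"),
]
SAMPLE_WAIVERS = [
    Waiver("weak-tls-config", "edge-gateway-fw", date(2025, 1, 31)),
    Waiver("hardcoded-credential", "edge-gateway-fw", date(2024, 12, 1)),  # expired
]

if __name__ == "__main__":
    for tier in RISK_PROFILE:
        result = evaluate_gate(tier, SAMPLE_FINDINGS, SAMPLE_WAIVERS, date(2025, 1, 15))
        print(f"{tier:18} passed={result.passed}  {result.reason}")
```

The same findings pass or fail depending on the tier of the asset being built, and an expired waiver stops suppressing its finding without any pipeline change.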

5.3. Framework Components

5.3.1. Core: Govern

Aligned with the “Govern” phase of the NIST 2.0 Framework, and as a central part of the proposed Cybersecurity Framework, this phase involves establishing a robust governance structure that aligns cybersecurity policies with organizational objectives, risk management strategies, and compliance requirements. This phase emphasizes the need for clear roles and responsibilities, ensuring that stakeholders understand their obligations in managing the cybersecurity risks associated with interconnected devices and Edge Computing systems. It also involves developing and implementing policies that address the unique challenges posed by the dynamic nature of IoT environments, such as data privacy, device authentication, and incident response, while fostering a culture of security awareness and continuous improvement to adapt to evolving threats and technological advancements.

5.3.2. First Quadrant: Identify–Plan

Identify. This function focuses on developing a comprehensive understanding of the organization’s assets, risks, and cybersecurity requirements. This involves identifying and categorizing all IoT devices, Edge Computing resources, and associated data flows to create an inventory that highlights vulnerabilities and potential threats. Organizations must assess their risk environment by considering the potential impact of cyber incidents on operational continuity, data integrity, and privacy. Furthermore, this phase emphasizes the importance of understanding specific regulatory and compliance obligations for IoT and Edge Computing, enabling organizations to effectively prioritize their cybersecurity efforts and establish a solid foundation for risk management and protection strategies tailored to the complexities of Industry 5.0. The Identify–Plan components are presented in Figure 3.
Plan. This involves strategically defining security requirements and integrating them into the development and deployment processes from the outset. This phase emphasizes the importance of collaboration among cross-functional teams (including security, development, and operations) to identify potential security risks associated with interconnected devices and Edge systems. Organizations must assess the unique challenges posed by IoT environments, such as device diversity, data privacy, and regulatory compliance, to create a comprehensive security framework that guides the design and implementation of secure architectures. Additionally, the PLAN phase includes the establishment of clear security policies, threat modeling, and risk assessments that inform the development lifecycle, ensuring that security considerations are integrated at every stage of the process. By proactively addressing security in the planning phase, organizations can enhance their resilience against cyber threats and foster a culture of security awareness in the Industry 5.0 environment.
Asset. An asset is defined as any data, system, software, hardware, or resource that holds value for an organization and is essential to its operational and security objectives. Assets encompass not only physical and virtual components, but also intellectual property, sensitive information, and human resources that contribute to the organization’s technological and security infrastructure. The proper identification and management of assets are fundamental to ensuring a robust cybersecurity posture, particularly in dynamic environments such as Edge Computing and IoT ecosystems, where distributed and heterogeneous infrastructures introduce additional security challenges.
The asset identification and risk assessment phase is a critical component of both the Identify function in the NIST framework and the continuous security integration process in DevSecOps. This phase involves systematically cataloging all assets, assessing their security dependencies, and evaluating potential threats, vulnerabilities, and impact levels. By leveraging automated asset discovery tools, threat modeling, and real-time security monitoring, organizations can establish a proactive risk management approach, ensuring that security is embedded throughout the development, deployment, and operational lifecycle. In DevSecOps, this process is further enhanced by continuous assessment mechanisms integrated into CI/CD pipelines, enabling rapid detection and mitigation of vulnerabilities. The effective identification and protection of assets form the foundation for resilient cybersecurity strategies, reducing the attack surface while maintaining operational agility in complex computing environments.
Requirements. Requirements refer to the defined functional and security specifications that guide the development, deployment, and operation of secure systems. Functional requirements describe the expected behavior and capabilities of a system, ensuring that it meets business and operational objectives, while security requirements outline the necessary controls, policies, and mechanisms to protect assets, data, and services from threats and vulnerabilities. In the context of Edge Computing and IoT, these requirements must address scalability, interoperability, and real-time security enforcement. The identification and validation of requirements occur early in the system development lifecycle (SDLC), and are continuously refined through threat modeling, risk assessments, and compliance checks in a DevSecOps pipeline. By integrating security requirements as code and automating compliance validation, organizations can ensure that security is not an afterthought, but is a fundamental component of system functionality, enhancing resilience against evolving cyber threats.
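As an added illustration (not code from the article or from any NIST or DevSecOps tooling), the sketch below shows what "security requirements as code" with automated compliance validation can look like as a CI/CD gate whose strictness depends on the asset's risk profile. The rule identifiers, descriptor fields, risk-profile names, and the sample gateway descriptor are assumptions constructed for this example.

```python
"""Security requirements as code, evaluated as a CI/CD gate (added example).

Rule ids, descriptor fields and risk-profile names are assumptions made for
this illustration; they are not defined by the framework.
"""
from dataclasses import dataclass
from typing import Callable

SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Lowest severity that blocks a release, per asset risk profile (assumed policy).
BLOCKING_THRESHOLD = {"critical": "low", "standard": "medium", "lab": "high"}

TLS_ORDER = ["1.0", "1.1", "1.2", "1.3"]


@dataclass(frozen=True)
class Requirement:
    req_id: str
    description: str
    severity: str
    check: Callable[[dict], bool]  # True when the descriptor complies


def tls_at_least(minimum: str) -> Callable[[dict], bool]:
    def check(d: dict) -> bool:
        version = str(d.get("tls_min_version", ""))
        # Missing or unknown versions fail closed.
        return (version in TLS_ORDER
                and TLS_ORDER.index(version) >= TLS_ORDER.index(minimum))
    return check


def only_allowed_ports(d: dict) -> bool:
    return set(d.get("open_ports", [])) <= set(d.get("allowed_ports", []))


# "is True" / "is False" make an absent field count as non-compliant.
REQUIREMENTS = [
    Requirement("SEC-01", "Transport uses TLS 1.3", "high", tls_at_least("1.3")),
    Requirement("SEC-02", "No default credentials shipped", "high",
                lambda d: d.get("default_credentials") is False),
    Requirement("SEC-03", "Only declared ports are open", "medium",
                only_allowed_ports),
    Requirement("SEC-04", "Secure boot enabled", "medium",
                lambda d: d.get("secure_boot") is True),
    Requirement("SEC-05", "Firmware image is signed", "high",
                lambda d: d.get("firmware_signed") is True),
    Requirement("SEC-06", "Data at rest is encrypted", "low",
                lambda d: d.get("storage_encrypted") is True),
]


def evaluate(descriptor: dict, risk_profile: str) -> dict:
    """Return the gate decision plus blocking and advisory findings."""
    if risk_profile not in BLOCKING_THRESHOLD:
        raise ValueError(f"unknown risk profile: {risk_profile!r}")
    threshold = SEVERITY[BLOCKING_THRESHOLD[risk_profile]]
    failed = [r for r in REQUIREMENTS if not r.check(descriptor)]
    blocking = [r.req_id for r in failed if SEVERITY[r.severity] >= threshold]
    advisory = [r.req_id for r in failed if SEVERITY[r.severity] < threshold]
    return {"passed": not blocking, "blocking": blocking, "advisory": advisory}


# Constructed deployment descriptor for an Edge gateway.
GATEWAY = {
    "name": "edge-gw-01",
    "tls_min_version": "1.2",        # below the required 1.3
    "default_credentials": False,
    "open_ports": [22, 8883, 8080],  # 8080 is not declared
    "allowed_ports": [22, 8883],
    "secure_boot": True,
    "firmware_signed": True,
    # "storage_encrypted" is deliberately absent and therefore fails closed
}

if __name__ == "__main__":
    for profile in BLOCKING_THRESHOLD:
        print(profile, evaluate(GATEWAY, profile))
```

The same descriptor is rejected for a critical asset on any finding, while a lab asset is blocked only by high-severity findings; the lower-severity failures are still reported as advisory so they are not lost.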
Stakeholders. Stakeholders encompass all individuals and entities responsible for, or impacted by, the security and functionality of a system, including development, security, and operations teams. Effective cybersecurity in Edge Computing and IoT environments requires a collaborative approach where stakeholders actively integrate security considerations into planning, design, and deployment processes. Developers must incorporate secure coding practices, security teams must define and enforce security policies, and operations teams must ensure secure, resilient system performance. Through cross-functional collaboration, automation, and continuous feedback loops, DevSecOps fosters a culture where security is a shared responsibility, minimizing vulnerabilities and enabling rapid response to emerging threats. By aligning stakeholder priorities and leveraging security-as-code principles, organizations can enhance compliance, threat mitigation, and system integrity across distributed and dynamic environments.
Table 2 describes some of the applications for each phase of the framework within the first quadrant, focusing on Edge Computing and IoT scenarios.
The following are the compliance requirements associated with the first quadrant of the framework, with the aim of providing a structured and authoritative reference for implementing the strategy across development, pre-production, and production environments:
  • Asset inventory and environment topology
    Identify and document all IoT devices, Edge Computing nodes, networks, platforms, and software involved.
    Maintain an up-to-date record of asset location, connectivity, and relationships.
    Implement an automated asset discovery and change monitoring system.
  • Classification and categorization of sensitive data
    Determine what data are critical, confidential, or sensitive within the Edge and IoT environments.
    Apply data labeling schemes based on regulations such as GDPR, HIPAA, or national standards.
    Assess the criticality of information based on its impact on privacy, integrity, and availability.
  • Threat analysis and risk modeling
    Implement threat modeling methodologies (STRIDE, PASTA, DREAD) to evaluate potential attacks at each layer of the ecosystem.
    Maintain a taxonomy of threats specific to the IoT and Edge Computing, including physical, network, and software attacks.
    Evaluate attack vectors using tools such as “MITRE ATT&CK” for the IoT.
  • Vulnerability assessment and security testing
    Perform regular vulnerability scans on IoT devices, gateways, and management platforms.
    Apply penetration testing (pentesting) to assess the exposure of the environment in different attack scenarios.
    Integrate vulnerability detection tools into the development and operation cycle.
  • Evaluation of regulations and standards
    Identify the applicable regulatory frameworks (ISO 27001, IEC 62443 [48], among others).
    Assess compliance with privacy, data protection, and industrial safety regulations.
    Establish compliance metrics and remediation plans for regulatory breaches.
  • Definition of risk profiles and impact matrix
    Classify risks according to their probability and severity using impact matrices.
    Establish risk profiles for each type of device and operating environment.
    Prioritize risks based on their impact on business continuity and security.
  • Incident response and recovery plans
    Develop specific cybersecurity incident response plans in Edge Computing and the IoT.
    Simulate attack scenarios to assess the effectiveness of plans and improve resilience.
    Integrate automatic response mechanisms for rapid incident mitigation.
  • Security training and awareness
    Implement specific cybersecurity training programs for teams and end users.
    Establish attack simulations (phishing, social engineering) to strengthen the security culture.
    Foster a security mindset by design in all phases of development and implementation.

5.3.3. Second Quadrant: Protect–Build and Verify

Protect. This focuses on implementing appropriate safeguards to ensure the confidentiality, integrity, and availability of critical systems and data. This phase involves deploying security measures, such as access controls, encryption, and secure communication protocols, to protect IoT devices and Edge Computing infrastructure against unauthorized access and cyber threats. Organizations must also establish robust identity and access management practices to ensure that only authorized users and devices can interact with sensitive data and systems. Additionally, this phase emphasizes the importance of continuous monitoring and regular updates of security configurations, as well as training and awareness programs for employees that foster a culture of security. By proactively addressing vulnerabilities and implementing protective measures, organizations can enhance their resilience against cyber incidents in the smart industry. Figure 4 shows the elements of the Protect–Build and Verify quadrant.
Build and Verify. These focus on secure development and validation of applications and systems that interact with interconnected devices. One of the primary activities of this phase is for development teams to implement secure coding practices and leverage automation tools to integrate security controls directly into the software development lifecycle, ensuring that IoT applications are resilient against vulnerabilities and threats. Additionally, rigorous testing and validation processes must be employed to assess the security posture of the developed applications. This phase enables organizations to ensure that their IoT solutions are not only functional, but also secure, thereby enhancing trust and security in the context of Industry 5.0.
Security Controls. These refer to the technical, administrative, and procedural safeguards implemented to protect systems, data, and assets from cyber threats. The integration of appropriate security controls into development, deployment, and operational processes ensures that security is embedded into the system architecture from the outset, rather than being added as a reactive measure. In Edge Computing and IoT environments, where distributed infrastructures introduce unique security challenges, controls must be designed to address data confidentiality, integrity, availability, and access management. DevSecOps emphasizes automation, continuous monitoring, and compliance enforcement to ensure that security controls remain effective throughout the software development lifecycle (SDLC). By implementing security-as-code, infrastructure-as-code, and automated compliance checks, organizations can dynamically enforce security policies, reduce vulnerabilities, and maintain resilient, secure systems in evolving threat landscapes.
Data Protection. This encompasses the implementation of security measures to safeguard sensitive information against unauthorized access, alteration, or loss. This involves encrypting data both at rest and in transit, enforcing strict access controls, and ensuring secure data-handling practices across all stages of the software development lifecycle (SDLC). In Edge Computing and IoT environments, where data are often processed and transmitted in decentralized architectures, robust encryption, tokenization, and real-time monitoring are critical to maintaining confidentiality, integrity, and availability. The emerging concept of DataSecOps extends DevSecOps principles to data security, governance, and compliance, ensuring that data protection is integrated into both technological processes and organizational policies. By embedding security into development workflows, operational pipelines, and human interactions, organizations can enforce proactive data protection strategies, reducing risks while ensuring regulatory compliance and trust in digital ecosystems.
Testing. This is a critical process that ensures the reliability, performance, and security of applications before deployment. This involves conducting functional, performance, and security tests to validate that systems operate as intended while remaining resilient against cyber threats. Security testing includes Static Application Security Testing (SAST) to analyze source code for vulnerabilities before execution, and Dynamic Application Security Testing (DAST) to identify weaknesses during runtime. In Edge Computing and IoT environments, where systems are highly distributed and resource-constrained, penetration testing, fuzz testing, and automated security scanning help detect vulnerabilities in real-world conditions. DevSecOps integrates these testing mechanisms into the CI/CD pipeline, enabling continuous security validation throughout the software development lifecycle. By embedding automated security tests alongside functional and performance testing, organizations can proactively mitigate risks, ensuring that applications are secure by design before reaching production environments.
Table 3 describes some of the applications for each phase of the framework within the second quadrant, focusing on Edge Computing and IoT scenarios.
The following are the compliance requirements associated with the second quadrant of the framework, with the aim of providing a structured and authoritative reference for implementing the strategy across development, pre-production, and production environments:
  • Security by design and protection of the attack surface
    Apply the principle of “security by design” in the development and integration of IoT/Edge devices and systems.
    Reduce the attack surface by eliminating unnecessary services, closing unused ports, and applying secure default configurations.
    Use hardening techniques to strengthen security across devices, gateways, and platforms.
  • Secure identity, access, and authentication management
    Implement identity and access management (IAM) with Zero Trust-based authentication and authorization controls.
    Use multi-factor authentication (MFA) and access credentials based on certificates, biometrics, or physical tokens.
    Apply the principle of least privilege and segregation of duties in users, devices, and applications.
  • Data encryption in transit and at rest
    Implement end-to-end encryption (E2EE) for communication between IoT devices and Edge Computing nodes.
    Use robust encryption algorithms (AES-256, ECC, TLS 1.3) and properly manage cryptographic keys.
    Protect data at rest with secure storage, hashing, and database encryption techniques.
  • Protection against malware, ransomware, and malicious code
    Deploy malware detection and prevention (EDR/XDR) solutions on Edge and IoT devices.
    Implement secure boot mechanisms and signed firmware to prevent malicious code execution.
    Apply continuous monitoring with threat intelligence to identify new attack vectors.
  • Network segmentation and micro-segmentation
    Implement network segmentation at physical and logical levels, separating critical devices, IT environments, and OT environments.
    Apply next-generation firewalls (NGFWs) and access-control lists (ACLs) to restrict unauthorized traffic.
    Use identity- and context-based micro-segmentation techniques to improve security in distributed networks.
  • Building resiliency and availability in systems
    Design redundant architectures with high-availability (HA) and automatic-failover mechanisms.
    Implement secure backup and disaster recovery strategies with encrypted backups.
    Use security orchestration and automation platforms to improve operational resiliency.
  • Updates and vulnerability management
    Implement an update and patch management process for firmware, operating systems, and IoT/Edge applications.
    Apply compatibility tests before deploying updates to critical environments.
    Automate vulnerability detection and remediation with Vulnerability Management tools.
  • Safety testing and continuous evaluation
    Perform penetration testing (pentesting) and security audits on devices, networks, and applications.
    Apply fuzzing techniques and static code analysis (ESLint 9.27.0) to detect vulnerabilities in IoT/Edge software.
    Assess compliance with security standards through regular reviews and compliance audits.

5.3.4. Third Quadrant: Detect–Monitor

Detect. The Detect phase aids in the timely identification of cybersecurity events and anomalies that could indicate potential threats or breaches. This phase involves implementing continuous monitoring solutions that leverage advanced analytics, machine learning, and threat intelligence to detect unusual behavior patterns in interconnected devices and Edge systems. Organizations must establish effective logging and alert mechanisms to capture relevant data from IoT devices and Edge Computing resources, enabling real-time visibility into their security posture. Additionally, the importance of conducting regular assessments and tests of detection capabilities is emphasized to ensure they can effectively identify emerging threats and vulnerabilities. By enhancing their detection capabilities, organizations can respond more quickly to incidents, minimizing potential damage and maintaining the operational integrity of smart-industry processes.
Monitor. This phase focuses on continuous monitoring and evaluations of deployed applications and systems to ensure security and consistent performance. This involves implementing real-time monitoring solutions that track system behavior, user activity, and network traffic across interconnected devices and Edge infrastructures, allowing organizations to detect anomalies and potential security threats in a timely manner. By utilizing advanced analytics, machine learning, and threat intelligence, organizations can gain insights into emerging vulnerabilities and attack patterns specific to IoT environments. Figure 5 shows the elements of the Detect–Monitor quadrant.
Log management. This is a fundamental process that involves the collection, storage, analysis, and correlation of system logs to detect anomalies, security threats, and operational issues. Effective log management requires centralized log aggregation from diverse sources, including applications, network devices, cloud services, and IoT endpoints, ensuring comprehensive visibility across the entire development and operational environment. By leveraging Security Information and Event Management (SIEM) systems, log analytics, and machine learning-driven anomaly detection, organizations can proactively identify security incidents, compliance violations, and performance bottlenecks. In Edge Computing and IoT ecosystems, where distributed architectures generate vast amounts of log data, automated log parsing, real-time monitoring, and threat intelligence integration are essential to maintaining security and operational resilience. DevSecOps embeds log management into CI/CD pipelines and runtime environments, enabling continuous security monitoring, rapid incident response, and forensic analysis to mitigate risks and enhance system integrity.
Real-time Monitoring. Real-time monitoring is a critical security practice that involves the continuous observation of applications, infrastructure, and network activity to detect security threats and operational anomalies as they occur. By implementing automated security monitoring, intrusion detection systems (IDSs), and behavioral analytics, organizations can rapidly identify and respond to potential incidents before they escalate. In Edge Computing and IoT environments, where decentralized architectures increase the attack surface, real-time telemetry, log correlation, and AI-driven threat detection enable proactive defense against cyber threats. This approach enhances situational awareness, accelerates incident response, and reinforces cyber-resilience by enabling rapid threat mitigation across dynamic and distributed computing ecosystems.
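The log parsing and behavioral monitoring described in the two paragraphs above can be illustrated with a small detector, added here as an example that is not part of the original article. It parses gateway flow logs, learns a per-device baseline, and flags unknown devices, unexpected destinations, and request-rate spikes. The log format, device names, and the peak-times-factor threshold are assumptions constructed for this sketch, and the threshold is a simple stand-in for the machine-learning models the text mentions.

```python
"""Baseline-driven anomaly detection over gateway flow logs (added example).

The log format, device names and the rate heuristic are assumptions; the
sample lines are constructed, with 203.0.113.0/24 being a documentation range.
"""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}Z \S+ flow "
    r"src=(?P<src>[\w.-]+) dst=(?P<dst>[\w.:-]+) bytes=(?P<bytes>\d+)$"
)


def parse(lines):
    """Return (records, rejected); a record is (minute, src, dst)."""
    records, rejected = [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m["minute"], m["src"], m["dst"]))
        else:
            rejected += 1  # malformed lines are counted, never silently dropped
    return records, rejected


def build_baseline(records):
    """Learn, per device, the destinations used and the peak requests/minute."""
    dests, per_minute = defaultdict(set), Counter()
    for minute, src, dst in records:
        dests[src].add(dst)
        per_minute[(src, minute)] += 1
    peak = defaultdict(int)
    for (src, _), count in per_minute.items():
        peak[src] = max(peak[src], count)
    return {"dests": dict(dests), "peak": dict(peak)}


def detect(records, baseline, rate_factor=3):
    """Return alerts as (kind, device, detail) tuples, de-duplicated."""
    alerts, seen, per_minute = [], set(), Counter()
    for minute, src, dst in records:
        per_minute[(src, minute)] += 1
        if src not in baseline["dests"]:
            alert = ("unknown_device", src, "")
        elif dst not in baseline["dests"][src]:
            alert = ("unexpected_destination", src, dst)
        else:
            continue
        if alert not in seen:
            seen.add(alert)
            alerts.append(alert)
    for (src, minute), count in sorted(per_minute.items()):
        peak = baseline["peak"].get(src)
        if peak is not None and count > peak * rate_factor:
            detail = f"{minute} count={count} limit={peak * rate_factor}"
            alerts.append(("request_rate_spike", src, detail))
    return alerts


# Constructed sample data: a quiet baseline window and a later live window.
BASELINE_LOG = [
    "2025-05-01T10:00:05Z gw01 flow src=sensor-17 dst=10.0.5.10:8883 bytes=212",
    "2025-05-01T10:00:35Z gw01 flow src=sensor-17 dst=10.0.5.10:8883 bytes=214",
    "2025-05-01T10:01:05Z gw01 flow src=sensor-17 dst=10.0.5.10:8883 bytes=209",
    "2025-05-01T10:00:10Z gw01 flow src=cam-02 dst=10.0.5.20:443 bytes=9120",
    "2025-05-01T10:01:10Z gw01 flow src=cam-02 dst=10.0.5.20:443 bytes=9004",
]
LIVE_LOG = [
    "2025-05-01T11:00:05Z gw01 flow src=sensor-17 dst=10.0.5.10:8883 bytes=210",
    "2025-05-01T11:00:09Z gw01 flow src=sensor-17 dst=203.0.113.50:23 bytes=64",
    "2025-05-01T11:00:12Z gw01 flow src=thermo-99 dst=10.0.5.10:8883 bytes=80",
    "2025-05-01T11:00:13Z gw01 flow src=sensor-17 dst=",  # truncated line
] + [
    f"2025-05-01T11:02:{s:02d}Z gw01 flow src=cam-02 dst=10.0.5.20:443 bytes=9000"
    for s in range(0, 40, 5)  # eight requests inside one minute
]


def run():
    baseline = build_baseline(parse(BASELINE_LOG)[0])
    live, rejected = parse(LIVE_LOG)
    return detect(live, baseline), rejected


if __name__ == "__main__":
    found, bad = run()
    for alert in found:
        print(alert)
    print("rejected lines:", bad)
```

Counting rejected lines matters in practice: a rising number of unparseable records from one gateway is itself a signal worth alerting on, since it can hide events from the detector.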
Table 4 describes some of the applications for each phase of the framework within the third quadrant, focusing on Edge Computing and IoT scenarios.
The following are the compliance requirements associated with the third quadrant of the framework, with the aim of providing a structured and authoritative reference for implementing the strategy across development, pre-production, and production environments:
  • Implementation of a real-time monitoring system
    Deploy threat detection tools (IDS/IPS, SIEM, SOAR) adapted to IoT and Edge Computing environments.
    Configure security sensors on IoT devices, gateways, and cloud platforms to collect critical events.
    Implement advanced telemetry mechanisms to obtain real-time data on suspicious activity.
  • Using threat intelligence for early detection
    Integrate threat intelligence feeds to update indicator of compromise (IoC) databases.
    Apply tools such as MITRE ATT&CK for ICS/IoT to map attacker tactics and techniques.
    Use machine learning and behavioral analysis to detect anomalies in traffic, authentications, and access.
  • Continuous attack-surface monitoring
    Implement exposure assessment tools to identify exploitable vulnerabilities in Edge and IoT devices.
    Monitor API interfaces, firmware, and network connections for improper access or unauthorized changes.
    Apply automated security testing to continuously assess the security posture of the environment.
  • Log analysis and event auditing
    Configure log centralization (Syslog, ELK Stack, Graylog, Splunk) to correlate security events.
    Implement record retention in compliance with cybersecurity regulations and standards.
    Establish audit policies to detect improper access and unauthorized changes to critical systems.
  • Event correlation and forensic analysis
    Apply pattern detection using SIEM and correlation tools to analyze distributed attacks.
    Use Threat Hunting techniques to identify advanced persistent threats (APTs) within the network.
    Develop digital forensics procedures to investigate security incidents in IoT and Edge devices.
  • Anomaly detection in IoT networks and traffic
    Implement intrusion detection systems (NIDS and HIDS) with specific rules for IoT and Edge Computing.
    Analyze traffic patterns for unusual behavior, such as unexpected connections or increased requests.
    Use AI-based detection models to prevent distributed denial-of-service (DDoS) attacks on IoT devices.
  • Data and device integrity security
    Implement firmware and configuration integrity checks to detect malicious modifications.
    Apply cryptographic hashing to verify that files and firmware have not been tampered with.
    Monitor supply chain attacks that may compromise devices and software.
  • Real-time vulnerability assessment and management
    Integrate Vulnerability Management tools for vulnerability scanning and prioritization.
    Establish automated patching and mitigation processes based on asset criticality and exposure.
    Perform impact analysis before deploying updates to critical systems.
  • Priority-based incident response and alerting
    Set up a system of alerts and automatic notifications based on criticality levels.
    Implement automated response flows (SOAR) to reduce incident detection and reaction time.
    Define escalation protocols to notify the appropriate teams based on the severity of the event.
  • Continuous evaluation and improvement of the detection process
    Perform attack simulations (Red Team/Blue Team/Purple Team) to improve detection ability.
    Constantly adjust detection rules and policies based on new cyberattack tactics and techniques.
    Establish metrics and KPIs to measure the effectiveness of threat monitoring and detection systems.
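The "data and device integrity security" requirement in the list above can be made concrete with a manifest-based check, given here as an added example rather than code from the article. It records SHA-256 digests for a firmware and configuration tree and later reports modified, missing, and unexpected files. The file names and contents are constructed, and the sketch assumes the reference manifest is stored (and ideally signed) somewhere the monitored device cannot write to, since a hash only proves integrity relative to a trusted reference.

```python
"""Manifest-based firmware/configuration integrity check (added example).

File names and contents are constructed. Assumption: the reference manifest
is kept off-device (and ideally signed), so it cannot be rewritten together
with the files it describes.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large firmware images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify(root, manifest):
    """Compare the tree under root with the trusted manifest."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif not hmac.compare_digest(sha256_file(target), expected):
            report["modified"].append(rel)
    # Files that exist on the device but were never approved.
    report["unexpected"] = sorted(set(build_manifest(root)) - set(manifest))
    report["intact"] = not (
        report["modified"] or report["missing"] or report["unexpected"]
    )
    return report


def demo():
    """Build a constructed tree, record it, change it, and verify twice."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "firmware.bin").write_bytes(b"\x7fFWv1" + bytes(1024))
        (root / "etc" / "mqtt.conf").write_text("tls_version tlsv1.3\n")
        (root / "etc" / "users.conf").write_text("admin:locked\n")
        manifest = build_manifest(root)
        clean = verify(root, manifest)

        # Changes an integrity monitor should surface on the next run.
        (root / "etc" / "mqtt.conf").write_text("tls_version tlsv1.1\n")
        (root / "etc" / "users.conf").unlink()
        (root / "etc" / "rc.local").write_text("#!/bin/sh\n")
        return clean, verify(root, manifest)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Reporting unexpected files separately from modified ones is deliberate: a check that only re-hashes the files listed in the manifest would miss anything newly dropped onto the device.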

5.3.5. Fourth Quadrant: Respond and Recover–Release, Deploy, and Operate

Respond and Recover. This phase focuses on effectively managing and mitigating the impact of cybersecurity incidents, ensuring a swift return to normal operations. Organizations must establish and implement incident response plans that outline clear procedures for detecting, analyzing, and containing security incidents, including communication protocols. This involves leveraging automated response tools and action guides tailored to the unique challenges of IoT and Edge Computing environments. Additionally, it is essential to emphasize the importance of restoring affected systems and services to their normal functioning, ensuring data integrity and operational continuity. Organizations should develop and regularly test recovery plans that include data backups, system restoration processes, and post-incident analysis to identify lessons learned and improve future resilience. See Figure 6.
Release, Deploy, and Operate. This involves the smooth and secure transition of applications from development to production, while ensuring continuous operational integrity. In the Release phase, teams prepare the application for deployment by integrating security controls and compliance validations to ensure that all security requirements are met before the software becomes available. During the Deploy phase, automated deployment pipelines are used to facilitate the rapid and reliable launch of IoT applications on Edge devices, incorporating security measures such as configuration management and vulnerability scanning to mitigate the risks associated with deployment. Finally, in the Operate phase, organizations continuously monitor the performance and security of deployed applications, leveraging real-time analytics and incident response protocols to address any emerging threats or operational issues. By integrating security throughout these phases, organizations can ensure that their IoT solutions are not only deployed efficiently, but also resilient against cyber threats, thereby improving their overall security posture.
Delivery. This refers to the automated and secure deployment of applications through continuous integration and continuous delivery (CI/CD) pipelines. These pipelines streamline the building, testing, and deployment processes by integrating automation tools that ensure efficiency, consistency, and security throughout the software development lifecycle (SDLC). Security controls are embedded at each stage, including Static and Dynamic Security Testing, dependency scanning, and configuration validation, to detect vulnerabilities before deployment. In Edge Computing and IoT environments, where distributed deployments introduce additional complexity, CI/CD pipelines enable secure and scalable software delivery while maintaining compliance with security policies. DevSecOps enforces “security as code” principles, ensuring that every software release undergoes rigorous security checks, reducing risk exposure and enabling rapid, reliable, and secure application updates in dynamic and evolving environments.
Respond and Recover. The Response and Recovery Plan is a structured approach to managing and mitigating security incidents in production environments while ensuring rapid and secure system restoration. This involves implementing security controls and incident response practices to detect, contain, and remediate threats as they occur, minimizing potential damage. In Edge Computing and IoT ecosystems, where real-time response is critical, automated threat containment, network segmentation, and forensic analysis help to prevent incident escalation. Recovery planning includes regular backups, failover strategies, and disaster recovery mechanisms to restore applications and infrastructure with minimal downtime. Additionally, post-incident reviews and root-cause analyses are essential to identify lessons learned, refine security policies, and improve future responses. By integrating automated response mechanisms into CI/CD pipelines and runtime environments, DevSecOps ensures that organizations can maintain operational resilience, regulatory compliance, and continuous security improvement in dynamic and distributed computing landscapes.
Table 5 describes some of the applications for each phase of the framework within the fourth quadrant, focusing on Edge Computing and IoT scenarios.
The following are the compliance requirements associated with the fourth quadrant of the framework, with the aim of providing a structured and authoritative reference for implementing the strategy across development, pre-production, and production environments:
  • Development of an incident response plan (IRP) specific to Edge and IoT
    Define an incident response plan (IRP) that contemplates specific IoT and Edge Computing threats.
    Establish procedures for containment, mitigation, and eradication of threats in distributed environments.
    Integrate multidisciplinary teams (CSIRT/SOC/OT security) for efficient incident management.
  • Implementing an attack containment mechanism
    Apply micro-segmentation strategies and dynamic access-control lists to isolate compromised devices.
    Implement automated response mechanisms with SOAR (security orchestration, automation, and response) tools.
    Develop sandboxing and quarantine policies for suspicious or compromised devices.
  • Threat elimination and eradication strategies
    Design secure reimaging processes of Edge and IoT devices to prevent malware persistence.
    Apply forced updates and critical patches to affected devices without compromising availability.
    Deploy Threat Hunting tools to identify malicious actors within the environment.
  • Response orchestration and automation
    Integrate automatic incident responses into the software and firmware deployment pipeline.
    Use AI- and ML-based models to prioritize responses based on attack criticality.
    Implement real-time corrective actions, such as revoking credentials and disabling compromised access.
  • Recovery and business continuity strategies
    Design high-availability (HA) and redundancy architectures in Edge Computing and IoT.
    Implement a disaster recovery plan (DRP) with multi-location backup.
    Validate the effectiveness of recovery plans through periodic incident simulations.
  • Versioning management and secure deployment of firmware and software
    Use digitally signed firmware and integrity validation mechanisms prior to deployment.
    Establish a secure CI/CD pipeline, ensuring that updates do not introduce vulnerabilities.
    Implement secure rollback strategies in case of failures in updates or deployments.
  • Post-deployment validation and monitoring
    Implement a post-deployment testing process to validate that there are no insecure configurations.
    Establish an intensive monitoring period after releasing new firmware/software versions.
    Apply penetration testing and fuzzing techniques to detect residual vulnerabilities.
  • Forensic assessment and post-incident impact analysis
    Perform digital forensics to determine the root cause of the incident and its scope.
    Establish a timeline of the attack to understand how it happened and how to prevent future incidents.
    Generate detailed reports with indicators of compromise (IoCs) and tactics used in the attack.
  • Communication and coordination during and after an incident
    Develop secure communication protocols with internal and external stakeholders during incidents.
    Establish alternative channels for communication in the event of network infrastructure disruptions.
    Comply with incident reporting regulations and standards within established times.
  • Continuous evaluation and improvement of the response process
    Implement a continuous improvement methodology based on lessons learned after each incident.
    Adjust the security framework based on threat intelligence and new adversarial tactics.
    Regularly train safety teams with Red Team/Blue Team/Purple Team exercises.

5.4. Implementation Challenges and Mitigation Strategies in IoT and Edge Computing Environments

The implementation of the proposed conceptual cybersecurity framework—integrating the NIST Cybersecurity Framework with SecDevOps principles—within IoT and Edge Computing environments introduces several notable challenges. These stem from the inherent complexity and distributed nature of such systems, as well as the stringent performance, interoperability, and security requirements that they impose. Addressing these challenges is essential to ensure the framework’s effectiveness and adaptability in real-world deployments.
Resource Constraints and Heterogeneity. IoT and Edge devices often operate under strict limitations in terms of computational power, memory, and energy consumption. This limits the feasibility of applying traditional, resource-intensive security mechanisms directly on the devices. Additionally, the heterogeneity of hardware and software platforms results in inconsistent capabilities, making unified security management difficult. To address this, lightweight cryptographic protocols and modular security components should be employed, tailored to device-specific constraints. Adoption of standardized communication interfaces and security APIs can further promote interoperability, while enabling centralized security policy enforcement through Edge gateways or orchestration layers.
Scalability and Dynamic Contexts. The highly dynamic nature of IoT ecosystems, characterized by frequent device mobility and network topology changes, presents significant challenges for maintaining up-to-date asset inventories, ensuring continuous threat monitoring, and adapting responses to emerging risks—all core components of the NIST framework. A scalable, policy-driven approach using Edge-based security orchestrators and decentralized identity management (e.g., blockchain or DIDs) can help to maintain visibility and control. Incorporating automated discovery and context-aware access-control mechanisms ensures consistent security enforcement as devices join or leave the network.
Real-Time Requirements and Latency Sensitivity. Many Edge applications, such as those in industrial automation or autonomous systems, have strict latency and real-time processing requirements. Security operations such as vulnerability scanning, intrusion detection, and policy validation—if not optimized—can introduce unacceptable performance overheads. Mitigating this challenge requires deploying Edge-native security functions that are performance-aware, including lightweight runtime monitoring agents and in-memory threat detection engines. These should be selectively activated based on operational risk levels to balance protection with system responsiveness.
Security Lifecycle Management. SecDevOps integration demands a continuous and automated security lifecycle that spans development, deployment, and maintenance phases. In organizations lacking mature DevOps practices, this shift can be disruptive and difficult to sustain, particularly when security teams and developers operate in silos. To overcome this barrier, organizations should adopt a phased DevSecOps transition plan that begins with the integration of security testing in CI/CD pipelines, and gradually evolves to include automated compliance checks and real-time threat modeling. Cross-functional training and collaborative workflows should be promoted to align development and security objectives.
In summary, while the application of an NIST-based cybersecurity framework augmented by SecDevOps offers a robust pathway to securing IoT and Edge Computing infrastructures, practical implementation requires careful attention to context-specific constraints. Tailored mitigation strategies, adaptive security tooling, and organizational readiness play critical roles in ensuring a successful and sustainable transition from traditional to resilient, framework-based security models in these emerging domains.
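
As an added illustration of the resource-constraint mitigation (lightweight mechanisms on the device, central enforcement at an Edge gateway), the sketch below replaces a static shared password with one-time tokens derived from a per-device key using a single HMAC-SHA-256 per request. It is not the authors' design: the token layout, the `LOOKAHEAD` value, the class names and the key are assumptions, and the counter-based scheme was chosen here because it needs no synchronized clock on the device.

```python
import hashlib
import hmac

LOOKAHEAD = 5  # skipped counters the gateway tolerates (assumed value)


def _mac(key, device_id, counter):
    """HMAC-SHA-256 over the device identity and its monotonic counter."""
    return hmac.new(key, f"{device_id}|{counter}".encode(), hashlib.sha256).hexdigest()


class Device:
    """Device side: one HMAC per request; the counter would be persisted in flash."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key          # per-device key provisioned at enrolment (assumption)
        self._counter = 0

    def next_token(self):
        self._counter += 1
        tag = _mac(self._key, self.device_id, self._counter)
        return f"{self.device_id}.{self._counter}.{tag}"


class EdgeGateway:
    """Gateway side: verifies tokens centrally and can isolate a device by policy."""

    def __init__(self, device_keys):
        self._keys = dict(device_keys)
        self._last = {}          # highest counter accepted per device
        self._isolated = set()

    def isolate(self, device_id):
        self._isolated.add(device_id)

    def verify(self, token):
        try:
            device_id, counter_s, tag = token.rsplit(".", 2)
            if not (counter_s.isascii() and counter_s.isdigit()):
                raise ValueError("counter must be plain decimal")
            counter = int(counter_s)
        except ValueError:
            return "malformed"
        key = self._keys.get(device_id)
        if key is None:
            return "unknown_device"
        if device_id in self._isolated:
            return "isolated"
        expected = _mac(key, device_id, counter)
        # Constant-time comparison so the tag cannot be guessed byte by byte.
        if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
            return "bad_mac"
        last = self._last.get(device_id, 0)
        if counter <= last:
            return "replayed"
        if counter > last + LOOKAHEAD:
            return "out_of_window"
        self._last[device_id] = counter
        return "ok"


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key for the demonstration only
    dev, gw = Device("sensor-07", key), EdgeGateway({"sensor-07": key})
    token = dev.next_token()
    print(gw.verify(token), gw.verify(token))  # second use of the same token is rejected
```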

6. Conceptual Evaluation by Expert Panel

6.1. Evaluation Design

To ensure the reliability and feasibility of the proposed framework prior to its implementation, a conceptual evaluation was conducted by domain experts, following the recommendations outlined in [46,49]. The evaluation was designed based on the following criteria:
Selection of Participants: Participants were required to have a minimum of three years of experience (classified as semi-senior or mid-level experts by professional recruitment and global matching platforms such as Indeed, https://ca.indeed.com/about) in fields including cybersecurity, secure mobile application development, secure web development, secure embedded system development, IoT security devices, and software engineering. Given the focus of the framework, participants were expected to primarily work in industry, though professionals from public or private institutions, higher education institutions (HEIs), and specialized research labs were also considered.
Recruitment: Expert profiles were reviewed on LinkedIn, along with academic profiles from platforms such as ResearchGate and Google Scholar. The selected experts were contacted and invited to participate in the study via email or social media. It is important to note that some experts were contacted through intermediaries professionally related to the research team; however, to mitigate the risk of biased responses, these intermediaries did not directly participate in the survey, and their connection to the research team remained anonymous. A total of 35 experts were recruited, following the recommendations for pilot studies provided in [27].
Evaluation Instrument: The survey was designed to capture experts’ perceptions of the proposal’s relevance from both a conceptual and methodological perspective, as well as from a technical and practical viewpoint. The conceptual evaluation focused on the following aspects: (a) the theoretical foundation and scientific–methodological rigor of the proposed framework; (b) the identification of the need and urgency for the framework and the alignment of the proposal’s purpose with the identified needs; (c) the relevance and originality of the proposal; and (d) the perceived feasibility of implementing the proposal. On the other hand, the technical evaluation aimed to assess the following: (a) the potential effectiveness and efficiency of the framework in helping developers to identify and mitigate critical cybersecurity issues; (b) the utility of the framework in guiding developers in the generation and implementation of specific solutions to identified cybersecurity problems; (c) the compatibility of the framework with existing standards, approaches, and principles, as well as with emerging technologies in cybersecurity environments; and, finally, (d) the framework’s ability to support and facilitate the integration of trust models and identity management within the context of the proposed solution.
The survey was managed using Google Forms, consisting of multiple-choice questions, as well as open-ended sections to gather demographic information and responses related to the conceptual and technical aspects. Specifically, the conceptual and technical sections employed a Likert scale with the following response options: I don’t know / I can’t answer, Totally disagree, Disagree, Neither agree nor disagree, Agree, and Totally agree. Each question was followed by a comment section for justifying the answers provided. Participation was voluntary, and no question was mandatory. Additionally, a summary of the proposal and an interactive version of the proposed framework were integrated into the survey for expert analysis. These materials were made available in both English (URL: https://forms.gle/V46MpTwqYVZzMzE79 (accessed on 15 May 2025)) and Spanish (URL: https://forms.gle/wzGYg5ANkRXE9sXX9 (accessed on 15 May 2025)). The response collection period was set from 24 February to 31 March 2025.
Data Analysis: After the survey was conducted, a content analysis of the responses was carried out. This analysis focused on identifying key themes and patterns in the feedback, which were used to draw conclusions about the framework’s strengths and areas for improvement. To evaluate the internal consistency of the survey instrument, Cronbach’s alpha coefficient was employed. Reliability analysis was conducted exclusively on Likert scale items. Two separate reliability tests were performed: one corresponding to the conceptual assessment construct, and the other to the technical assessment construct. The resulting Cronbach’s alpha values were 0.758 and 0.766, respectively. According to the thresholds established in the literature [50,51], these coefficients fall within the acceptable range of internal consistency, thereby supporting the reliability of the instrument for both dimensions evaluated.

6.2. Experts Information and Feedback

6.2.1. Demographic Information

The survey results revealed that most participants hold roles as developers in their respective organizations (10 participants, 28.5%), followed by those working as software engineers (eight participants, 22.8%). Additionally, 34.2% of the participants (12 individuals) reported having between 6 and 10 years of professional experience. Notably, 22.8% (eight participants) reported having between 16 and 20 years of professional experience, while 20% (seven participants) had more than 20 years of professional experience. This and other related information are summarized in Figure 7.
In terms of affiliation, the participants were affiliated with companies primarily based in the United States (13 participants) and Mexico (13 participants). In Mexico, the participants were further affiliated with government institutions (6 participants) and higher education institutions (HEIs) (2 participants), totaling 21 participants from the country. Additionally, one expert from Ecuador, affiliated with an HEI, participated in the study. Detailed demographic information is presented in Figure 8.

6.2.2. Perceptions of Methodological Aspects

The majority of participants (37.1% strongly agreed and 42.9% agreed) perceived that the methodology for designing the framework reflected an appropriate level of scientific and technical rigor. Furthermore, 94.3% of the experts agreed that the components of the framework (structure, levels, and actions) aligned with the overall purpose of the proposal and the identified needs. Additionally, 80% of the participants agreed that the framework facilitated and enabled the actions necessary to achieve the purpose for which it was designed. Similarly, 97.2% of the experts considered that the framework was original and relevant, adding practical utility to the specific area of knowledge.
Moreover, 82.8% of the participants expressed some level of agreement with the proposition that the implementation of the framework could result in benefits and/or improvements in cybersecurity within Edge Computing and Internet of Things (IoT) environments. Only two participants disagreed with certain aspects of the framework, particularly regarding the scientific and methodological rigor, as well as the potential feasibility of its implementation.
Several experts provided justifications for their responses, highlighting the following points:
  • “The relevance of the framework is supported by how its elements and structure facilitate decision-making and the implementation of specific measures, all aligned with key cybersecurity standards and principles”.
  • “This is an approach I wasn’t familiar with, and upon reviewing it, there appear to be many ways to implement it, thus adding value in various potential scenarios”.
  • “I consider this framework to be unique and innovative; I haven’t heard of anything similar to it so far”.
  • “There may be several studies related to security in devices, but none have taken into account the IoT devices we use in our daily lives... and if we also consider it at the AI level, it’s an area that is growing in an interesting way”.
  • “The framework’s simple implementation is evident due to its integral components. I believe it could lead to benefits and/or improvements in cybersecurity in Edge Computing and IoT environments”.
  • “The proposed framework favors and enables the necessary actions to achieve its purpose, as it offers a clear structure organized by levels, which will facilitate its implementation”.
Figure 9 provides a summary of the responses obtained.

6.2.3. Perceptions of Potential Efficacy and Efficiency in Practice

The vast majority of participants (65.7% strongly agreed and 34.3% agreed) perceived that the proposed framework could help to mitigate critical cybersecurity vulnerabilities and threats in Edge Computing and Internet of Things (IoT) environments. Regarding the utility of the framework in guiding developers in the visualization and implementation of strategies to mitigate critical cybersecurity vulnerabilities and threats in these environments, 82.8% of the participants expressed favorable opinions, highlighting the effectiveness proposed in this context.
A significant number of experts (91.5%) agreed that the framework could help identify and prioritize critical requirements for ensuring data integrity and privacy in Edge Computing and IoT environments. Similarly, 91.5% of the experts considered that the proposed framework adequately aligned with current standards, approaches, and principles, as well as with emerging technologies (88.6%), in cybersecurity environments.
Finally, most experts (85.7%) valued the framework’s ability to promote and facilitate the incorporation of trust models and identity management within the context of the proposal. Once again, two negative opinions were recorded regarding two specific aspects: how the framework helps to identify and implement strategies and solutions, and how the proposal helps to identify and prioritize privacy and integrity requirements.
Several experts provided additional comments regarding the potential efficacy and efficiency of the framework in practice, including the following:
  • “I believe the proposed framework is one of the best available options for implementation, as meeting expectations on time can significantly improve security implementation”.
  • “The components of the framework help identify and prioritize critical requirements to ensure data integrity and privacy in Edge Computing and IoT environments”.
  • “It was very helpful to follow the framework content while going through the components. I believe that it would be beneficial in practice”.
  • “The framework allows for measures such as encryption, authentication, and network segmentation, facilitating implementation to reduce common risks in the mentioned environments. Additionally, its practical approach helps visualize how to act against various threats”.
  • “The framework aligns with recognized standards such as NIST and ISO/IEC, integrating best practices that strengthen security in the proposed environments”.
  • “Being maintainable and scalable, it offers better control and integration of new technologies”.
  • “The framework includes elements such as authentication and access control, which are fundamental for establishing trust models in the proposed environment”.
Figure 10 provides a summary of the responses obtained.

6.3. Discussion and Limitations

Most of the results obtained were favorable towards the proposed framework, allowing us to infer that it helps clearly establish the need and urgency for addressing cybersecurity issues in comprehensive IoT environments. Furthermore, the acceptance of the framework’s elements and structure was largely positive, as they address the fundamental considerations required to create a secure and effective environment for the involved systems. This is attributed to how the framework’s elements combine established cybersecurity approaches for integrated IoT environments. Therefore, it can be inferred that the structure of the framework is clear, and the grouping of specific actions by stages is well understood. In this regard, the components of the framework (structure, levels, and actions) are consistent with the overall purpose and scope of the proposal. These aspects contribute to a clear understanding and logical organization of key cybersecurity elements, as well as the identification of strategies and solutions that will facilitate the comprehensive management of security, making its successful implementation feasible through the guidance provided by the proposed framework.
However, some participant feedback reveals opportunities for improvement, as noted in the previous subsection (see also Figure 9 and Figure 10), particularly in the following areas:
Scientific and Methodological Rigor: There is a need to strengthen the scientific methodology by explicitly integrating an experimental phase, potentially incorporating specific use cases instead of a single generic example.
Feasibility of Framework Implementation: The framework lacks sufficient detail regarding how it supports and enables the implementation of the necessary actions for achieving the proposed goals. In this regard, the idea could benefit from a more detailed explanation of the activities by adding tasks, and even the steps involved, to ensure the successful execution of the framework.
Identification and Implementation of Strategies and Solutions: It is very important to analyze the implementation of the framework through practical experimentation to validate its effectiveness in the real world. The lack of experimental feedback is probably the main weakness of the proposal. Additionally, in some cases, the alignment of the framework’s components with best practices for Edge Computing and IoT appears to be limited. Related to the previous point, providing more detailed explanations, diagrams, and step-by-step guidance could strengthen the proposal, particularly in the final elements of each classification within the framework.
Identifying and Prioritizing Privacy and Integrity Requirements: This remains a broad field that needs further exploration. Specifically, the authentication methods and security measures still require refinement to ensure the security of interactions between IoT and Edge Computing environments.
Furthermore, the recommendations from [49] were followed to form a sample (ranging from 30 to 50 participants) that would allow for the collection of data considered statistically reliable. Although the number of participants in this study fell within this range, it was near the lower bound. Another limitation to consider is that, while strategies were established to avoid biased responses in the survey, the way in which the study was conducted may have led some participants to feel obliged to participate, which could have affected the rigor of their evaluations.

6.4. Member Checking

The analysis of the framework was further validated through a second round of expert consultation, using a member checking process. This iterative review provided significant qualitative insights that strengthened the findings and revealed both practical advantages and areas for improvement.
Experts corroborated that the framework components facilitate the mitigation of common vulnerabilities in distributed IoT and Edge environments, enable visibility into risk landscapes, and help stakeholders to prioritize actions related to data confidentiality, integrity, and identity management.
However, several experts pointed out important limitations and assumptions within the initial formulation. Notably, the claim that IoT devices become inherently insecure when interfacing with cloud services was deemed overly simplistic. Cloud platforms typically offer a comprehensive suite of security mechanisms—such as API gateways, IAM (identity and access management), anomaly detection, and communication encryption—that can effectively secure device–cloud interactions. Therefore, the real threat surface may lie not in the cloud infrastructure itself, but in the IoT device’s local exposure—especially in deployments relying on BLE or WiFi communication, where implementing certificate-based security remains a complex task due to hardware and protocol limitations.
This aspect was emphasized by experts with direct industrial experience, particularly those involved in projects integrating WiFi/BLE IoT devices with cloud services, such as in the energy sector. Their feedback underscores a critical challenge: securing communication channels and APIs exposed at the device layer, especially when DNS resolution and Edge-based communications are used.
Another concern raised was the inclusion of artificial intelligence (AI) capabilities within the framework. Although AI can enhance threat detection and autonomous decision-making, its integration at the device level may be impractical due to computational constraints and complexity. Experts cautioned that deploying AI in this context could be excessive (overkill), especially if not modularized appropriately. Instead, AI components should be designed for selective activation, based on device capabilities and specific threat models.
The originality, applicability, and compatibility of the framework with emerging technologies were also acknowledged. Still, participants stressed the need for formal and frequent re-evaluation of the framework to adapt to the rapid evolution of technologies, standards, and cybersecurity threats.
The experts added that while the framework conceptually aligns with cybersecurity standards, especially those of the NIST and SecDevOps, the lack of explicit references to other standards, such as those related to availability, a core pillar of the CIA triad, needs to be addressed. Future iterations of the framework would benefit from clearly mapping each component to established international guidelines (e.g., ISO/IEC 27001 [35], NIST SP 800-207 [52]) and addressing key aspects such as fault tolerance and service continuity.
In addition, experts noted the absence of practical references for incorporating trust models and identity management mechanisms, which are critical in decentralized environments such as Edge Computing. While the framework contains general provisions for these areas, it does not include detailed guidance or correspondence to specialized models (e.g., decentralized identity (DID), public key infrastructure (PKI) tailored to limited devices).
Physical security was another dimension brought up by experts. While the framework focuses on logical and architectural protections, it lacks strategies for dealing with scenarios where unauthorized physical access to Edge devices occurs—an important consideration in environments where physical security cannot be guaranteed.
Respondents emphasized implementation as the main limitation of the proposal. Participants pointed out the importance of a more detailed analysis of the framework components, including how they interconnect and apply in real-world scenarios. Several suggested that integrating use cases or a pilot implementation would greatly enhance the framework’s relevance and allow for empirical validation. Despite the framework’s theoretical soundness, such real-world testing is essential to evaluate its effectiveness under operational constraints.
The experts concluded that implementing these enhancements would ensure not only the broader applicability of the proposed framework but also its alignment with state-of-the-art research. Furthermore, these improvements would contribute to maintaining the framework’s robustness, scalability, and relevance in the face of rapidly evolving technological advancements and emerging security challenges.

6.5. Preliminary Practical Example

The feedback provided by the experts who analyzed and reviewed the proposal during the initial phase highlights the critical importance of incorporating implementation examples of the framework. These examples serve to reinforce the findings from the qualitative validation by offering a clearer view of the framework’s feasibility and effectiveness in practical scenarios. In this context, we have designed an initial basic implementation example, presented as a laboratory case study. The following scenario was established to guide the development of this preliminary implementation.

6.5.1. Overview

The following environment reflects a realistic industrial setup incorporating IoT devices, Edge Computing infrastructure, and cloud-based analytics services. See Figure 11.
The system architecture is structured into three layers:
Device Layer: Industrial IoT sensors (e.g., temperature, vibration, and light) generate environmental and machine status data. Client devices such as tablets and operator consoles provide real-time interaction and monitoring capabilities.
Edge Layer: This comprises three dedicated Edge servers:
  • Edge Server 1: Performs preliminary data processing and reduction.
  • Edge Server 2: Manages data caching, buffering, and local failover storage.
  • Edge Server 3: Handles local network services, access control, and routing.
Cloud Layer: This hosts a web-based dashboard for centralized monitoring and management, as well as a data warehouse for historical trend analysis and predictive maintenance applications.

6.5.2. Cybersecurity Challenges

A preliminary risk assessment revealed several vulnerabilities across the system:
Device Layer. Devices lacked firmware integrity verification, used hardcoded credentials, and had no secure communication channels. These deficiencies rendered them susceptible to spoofing, unauthorized access, and malicious firmware injection.
Edge Layer. Absence of role-based access control, segmentation, or endpoint protection exposed Edge servers to lateral movement, unauthorized data access, and code injection.
Cloud Layer. The system used misconfigured APIs and insufficient authentication mechanisms. Sensitive data were stored and transmitted without adequate encryption, posing risks of data leakage and account compromise.

6.5.3. Layer-Specific Improvements After Framework Implementation

The proposed cybersecurity framework was applied to address these vulnerabilities using a structured combination of NIST CSF functional categories (Identify, Protect, Detect, Respond, Recover) and DevSecOps automation:
  • Device Layer Improvements
    All IoT devices were inventoried and associated with unique digital identities. Risk profiling was performed based on physical exposure and network behavior.
    Firmware signing and secure boot processes were implemented. Secure communication channels were established using mutual TLS. Hardcoded credentials were eliminated in favor of rotating tokens and certificate-based authentication.
    Lightweight anomaly detection modules were deployed directly on devices to identify unusual data patterns or firmware changes.
    Compromised or malfunctioning devices could be remotely isolated via Edge layer policies.
    Device configurations were version-controlled, allowing secure re-provisioning or rollback in case of breach.
  • Edge Layer Improvements
    An automated asset inventory system was deployed to map all Edge components and dependencies.
    Role-based access control (RBAC) was enforced on all Edge servers. Network segmentation and virtual LANs (VLANs) were implemented to restrict lateral movement. All inter-server communications were encrypted using TLS 1.3.
    Edge servers were instrumented with intrusion detection systems (IDSs) and behavior-based logging. Monitoring agents forwarded logs to a central SIEM system.
    Automated containment strategies were established, such as blocking IPs exhibiting malicious behavior or shutting down specific services.
    Edge configurations were maintained as Infrastructure as Code (IaC), allowing automated redeployment in clean environments if needed.
  • Cloud Layer Improvements
    Cloud assets were tagged and classified by sensitivity. Identity and access management policies were refined to enforce least privilege.
    API gateways were hardened using Web Application Firewalls (WAFs) and OAuth2.0-based authentication. Data in transit and at rest were encrypted using AES-256. Secrets management was integrated with CI/CD pipelines.
    Continuous cloud posture monitoring tools (e.g., CSPM) were introduced to audit misconfigurations. Audit logs were collected for compliance tracking.
    Cloud-based incident response playbooks were automated to revoke keys, suspend user accounts, or disable APIs under specific threat triggers.
    Regular encrypted backups were scheduled, and recovery procedures were validated through simulations and drills.
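
Sections 6.5.2 and 6.5.3 describe a before and an after state. The added example below (not the authors' tooling) expresses those findings as an automated compliance check that a CI/CD pipeline could run against a declarative description of the lab. The asset names, setting keys and rule IDs are hypothetical, and a setting that is absent fails closed.

```python
MISSING = object()  # sentinel: a setting nobody declared is treated as non-compliant

# (layer, rule id, setting key, compliance predicate, finding reported on failure)
RULES = [
    ("device", "DEV-1", "firmware_signature_check", lambda v: v is True,
     "no firmware integrity verification"),
    ("device", "DEV-2", "credential_type", lambda v: v in ("rotating_token", "certificate"),
     "hardcoded or static credentials"),
    ("device", "DEV-3", "transport", lambda v: v == "mtls",
     "no mutually authenticated channel"),
    ("edge", "EDGE-1", "rbac", lambda v: v is True,
     "no role-based access control"),
    ("edge", "EDGE-2", "vlan", lambda v: type(v) is int and 1 <= v <= 4094,
     "no network segmentation"),
    ("edge", "EDGE-3", "tls_min_version", lambda v: v == "1.3",
     "inter-server traffic below TLS 1.3"),
    ("edge", "EDGE-4", "ids", lambda v: v is True,
     "no intrusion detection on the server"),
    ("cloud", "CLD-1", "api_auth", lambda v: v == "oauth2",
     "insufficient API authentication"),
    ("cloud", "CLD-2", "at_rest_cipher", lambda v: v == "AES-256",
     "data at rest not encrypted with AES-256"),
    ("cloud", "CLD-3", "in_transit_encrypted", lambda v: v is True,
     "data in transit not encrypted"),
]
KNOWN_LAYERS = {rule[0] for rule in RULES}

# Constructed inventory reproducing the weaknesses listed in Section 6.5.2.
BEFORE = [
    {"name": "sensor-07", "layer": "device", "settings": {
        "firmware_signature_check": False, "credential_type": "hardcoded",
        "transport": "plaintext"}},
    {"name": "edge-3", "layer": "edge", "settings": {
        "rbac": False, "tls_min_version": "1.2"}},  # vlan and ids never declared
    {"name": "api-gw", "layer": "cloud", "settings": {
        "api_auth": "api_key_in_url", "at_rest_cipher": None,
        "in_transit_encrypted": False}},
]

# The same assets after the improvements listed in Section 6.5.3.
AFTER = [
    {"name": "sensor-07", "layer": "device", "settings": {
        "firmware_signature_check": True, "credential_type": "certificate",
        "transport": "mtls"}},
    {"name": "edge-3", "layer": "edge", "settings": {
        "rbac": True, "vlan": 30, "tls_min_version": "1.3", "ids": True}},
    {"name": "api-gw", "layer": "cloud", "settings": {
        "api_auth": "oauth2", "at_rest_cipher": "AES-256",
        "in_transit_encrypted": True}},
]


def audit(assets):
    """Return sorted (asset, rule id, finding) tuples for every failed rule."""
    findings = []
    for asset in assets:
        layer = asset.get("layer")
        if layer not in KNOWN_LAYERS:
            # An asset outside the three layers cannot be assessed, so flag it.
            findings.append((asset["name"], "INV-1", f"unclassified layer {layer!r}"))
            continue
        settings = asset.get("settings", {})
        for rule_layer, rule_id, key, compliant, text in RULES:
            if rule_layer == layer and not compliant(settings.get(key, MISSING)):
                findings.append((asset["name"], rule_id, text))
    return sorted(findings)


def gate(assets):
    """Exit status for a pipeline step: non-zero blocks the deployment."""
    return 1 if audit(assets) else 0


if __name__ == "__main__":
    for asset, rule_id, text in audit(BEFORE):
        print(f"{rule_id:7} {asset:10} {text}")
    print("after:", audit(AFTER))
```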

6.5.4. Results and Observations

After the deployment of the integrated framework, the system exhibited measurable improvements in both its security posture and operational resilience (see Figure 12):
  • The MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) were significantly reduced due to automated monitoring and responsive controls.
  • Device-level attacks, such as spoofing and rogue firmware uploads, were effectively mitigated through secure boot, signed firmware, and runtime anomaly detection.
  • Edge-level resilience was improved through policy-driven segmentation, continuous monitoring, and automated rollback of compromised services.
  • Cloud service integrity and confidentiality were strengthened through improved API security, encryption, and fine-grained authorization and authentication policies.
  • The architecture demonstrated enhanced cyber-resilience, with the ability to maintain business continuity and quickly recover from cyber incidents.
This use case demonstrates how the proposed framework enhances the security and resilience of complex cyber-physical systems by integrating governance principles with modern automation and continuous security practices.

7. Concluding Remarks

A conceptual cybersecurity framework was proposed to guide developers in the generation and implementation of technological solutions applied to Edge Computing and Internet of Things (IoT) environments. The framework was based on a systematic literature review, resulting in an evidence-based synthesis of knowledge, which provided a comprehensive overview of the actions necessary to support and justify the proposal, especially in comparison to other studies and similar alternatives.
The framework incorporates a core element, Govern, from which four main components derive: Identity, Protect, Detect, and Respond and Recover. These components represent four essential actions required to establish cybersecurity schemes in support of Edge Computing and IoT environments (see Figure 1). Each of these actions is further subdivided into specific tasks, focusing on guiding developers in identifying and specifying cybersecurity issues, threats, and vulnerabilities; formulating and implementing strategies and solutions; and identifying and prioritizing privacy and integrity requirements.
Given the conceptual nature of the proposed cybersecurity framework for IoT and Edge Computing environments, the current phase of this research has primarily focused on establishing a solid theoretical foundation. This phase aimed to define and refine the framework’s core components from a conceptual perspective, ensuring internal coherence and alignment with current technological and threat landscapes.
Therefore, the proposal was conceptually validated by a panel of experts. Thirty-five participants from industry, government, and academia were recruited to assess the framework, highlighting its scientific methodology and its potential for practical implementation. Qualitative feedback from the evaluators was positive, with several emphasizing that, although the framework is relatively basic, it is well integrated and presents an interesting approach by combining NIST standards and SecDevOps practices. This combination could be highly beneficial for those starting cybersecurity projects, serving as a reliable starting point to identify and address security issues in a modular way. The evaluators’ responses suggested a coherent integration of the framework’s purpose, structural components, and scope, allowing for a clear understanding and logical organization of key cybersecurity elements. The identification of actions that facilitate the comprehensive management of security in IoT and Edge Computing environments further reinforced the framework’s potential for practical implementation, particularly in environments that lack minimal security requirements.
While the initial perspectives from experts provide encouraging feedback regarding the relevance and design of the framework, several areas for improvement were identified to achieve the framework’s goals more effectively. Key areas for future work include the following:
Detailed Description: This involves providing more in-depth descriptions of actions, especially in the framework’s outer components, by enhancing the original descriptions with additional implementation examples and diagrams for Edge Computing and IoT environments, with a particular focus on aligning these elements with the most widely recognized cybersecurity best practices for Edge and IoT environments.
Framework Update and Maintenance: This involves integrating an update and maintenance section as part of the framework’s actions to enhance its flexibility and adaptability. This will include the creation of a validation, monitoring, and, if necessary, update plan to keep the framework aligned with new technologies, developments, and discoveries.
Proof of Concept: Although the expert evaluation was promising, we acknowledge that the absence of empirical validation constitutes a limitation that must be addressed in future stages of the research. Comprehensive testing of all framework components within a single case study would involve a high degree of complexity and require specific long-term research work. As such, future work will focus on the progressive integration and empirical validation of selected components through real-world case studies. These studies will be designed to assess the feasibility, reliability, and scalability of the framework in practical scenarios, particularly within heterogeneous and resource-constrained IoT and Edge environments. Additionally, we recognize the growing influence of Large Language Models (LLMs) in software development and cybersecurity applications. Therefore, a subsequent research phase will explore the potential integration of LLMs to support specific framework functionalities, including automated threat detection, anomaly classification, and secure code generation. This practical experimentation will not only enhance the technical robustness of the proposal, but also provide concrete data to demonstrate its applicability and value in operational contexts. Moving from theoretical exploration to empirical evaluation will provide the experimental evidence required to substantiate the framework’s effectiveness and scalability, thereby addressing current limitations and strengthening the contribution to the field.
The development of these actions will reinforce the framework. The improved version of the proposal will ensure that it meets both the technical and practical requirements of the cybersecurity software development community.

Author Contributions

Conceptualization, R.E.R.-A. and E.O.D.; Methodology, R.E.R.-A., R.M.-G. and M.V.M.; Validation, R.M.-G., E.O.D., M.V.M., F.J.L.R., J.C.M.R. and A.M.-G.; Formal analysis, R.M.-G., F.J.L.R. and A.M.-G.; Investigation, R.E.R.-A., R.M.-G., M.V.M., J.C.M.R. and A.M.-G.; Resources, R.E.R.-A.; Writing—original draft, R.E.R.-A., R.M.-G. and E.O.D.; Writing—review & editing, R.M.-G., M.V.M. and F.J.L.R.; Visualization, R.E.R.-A., M.V.M., F.J.L.R. and J.C.M.R.; Supervision, M.V.M. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest. The funders had no role in the design of the study; in the collection, analyses, or interpretation of data; in the writing of the manuscript; or in the decision to publish the results.

References

  1. Dritsas, E.; Trigka, M. A Survey on Cybersecurity in IoT. Future Internet 2025, 17, 30.
  2. Zhukabayeva, T.; Zholshiyeva, L.; Karabayev, N.; Khan, S.; Alnazzawi, N. Cybersecurity Solutions for Industrial Internet of Things–Edge Computing Integration: Challenges, Threats, and Future Directions. Sensors 2025, 25, 213.
  3. ElSayed, Z.; Abdelgawad, A.; Elsayed, N. Cybersecurity and Frequent Cyber Attacks on IoT Devices in Healthcare: Issues and Solutions. arXiv 2025, arXiv:2501.11250.
  4. Alotaibi, B. A Survey on Industrial Internet of Things Security: Requirements, Attacks, AI-Based Solutions, and Edge Computing Opportunities. Sensors 2023, 23, 7470.
  5. Tange, K.; De Donno, M.; Fafoutis, X.; Dragoni, N. A Systematic Survey of Industrial Internet of Things Security: Requirements and Fog Computing Opportunities. IEEE Commun. Surv. Tutor. 2020, 22, 2489–2520.
  6. Malatji, M.; Marnewick, A.L.; Solms, S.V. Cybersecurity Capabilities for Critical Infrastructure Resilience. Inf. Comput. Secur. 2021, 30, 255–279.
  7. Reyes-Acosta, R.; Dominguez-Baez, C.; Mendoza-Gonzalez, R.; Vargas Martin, M. Analysis of Machine Learning-Based Approaches for Securing the Internet of Things in the Smart Industry: A Multivocal State of Knowledge Review. Int. J. Inf. Secur. 2024, 24, 31.
  8. Radanliev, P.; De Roure, D.; Page, K.; Nurse, J.R.C.; Mantilla Montalvo, R.; Santos, O.; Maddox, L.; Burnap, P. Cyber Risk at the Edge: Current and Future Trends on Cyber Risk Analytics and Artificial Intelligence in the Industrial Internet of Things and Industry 4.0 Supply Chains. Cybersecurity 2020, 3, 13.
  9. Matta, V.D.R.; Maheswara Rao, V.V.R.; Battula, V.S.J.; Addagatla, M.B. Mitigating Security Challenges in Edge Computing: Attacks, Defence Strategies, and Algorithms. In Proceedings of the 2025 3rd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT), Bengaluru, India, 5–7 February 2025; pp. 462–470.
  10. Joshi, S.D.; Khairnar, V.A.; Somvanshi, S.V. A Comprehensive Study on Internet of Things (IoT): State-of-the-Art: Security Challenges, Future Directions, Applications and Opportunities. Int. J. Adv. Res. Sci. Commun. Technol. 2024, 4, 474–481.
  11. Almuqren, A.A. Cybersecurity Threats, Countermeasures and Mitigation Techniques on the IoT: Future Research Directions. J. Cyber Secur. Risk Audit. 2025, 2025, 1–11.
  12. Alotaibi, E.; Sulaiman, R.B.; Almaiah, M. Assessment of Cybersecurity Threats and Defense Mechanisms in Wireless Sensor Networks. J. Cyber Secur. Risk Audit. 2025, 2025, 47–59.
  13. Almanasir, R.; Al-solomon, D.; Indrawes, S.; Almaiah, M.; Islam, U.; Alshar’e, M. Classification of Threats and Countermeasures of Cloud Computing. J. Cyber Secur. Risk Audit. 2025, 2025, 27–42.
  14. Çetin, A.; Öztürk, S. Comprehensive Exploration of Ensemble Machine Learning Techniques for IoT Cybersecurity Across Multi-Class and Binary Classification Tasks. J. Future Artif. Intell. Technol. 2025, 1, 371–384.
  15. Lamture, P.; Singh, T. Navigating Digital Transformation in the US IT Industry: Building Robust Cybersecurity Frameworks for New and Emerging Technologies. Int. J. Eng. Appl. Sci. Manag. 2025, 6, 1–7.
  16. Sebestyen, H.; Popescu, D.E.; Zmaranda, R.D. A Literature Review on Security in the Internet of Things: Identifying and Analysing Critical Categories. Computers 2025, 14, 61.
  17. Alshuaibi, A.; Almaayah, M.; Ali, A. Machine Learning for Cybersecurity Issues: A Systematic Review. J. Cyber Secur. Risk Audit. 2025, 2025, 36–46.
  18. Narciandi-Rodriguez, D.; Aveleira-Mata, J.; García-Ordás, M.T.; Alfonso-Cendón, J.; Benavides, C.; Alaiz-Moretón, H. A Cybersecurity Review in IoT 5G Networks. Internet Things 2025, 30, 101478.
  19. Qudus, L. Advancing Cybersecurity: Strategies for Mitigating Threats in Evolving Digital and IoT Ecosystems. Int. Res. J. Mod. Eng. Technol. Sci. 2025, 7, 3195–3201.
  20. Mtsweni, J.; Gcaza, N.; Thaba, M. A Unified Cybersecurity Framework for Complex Environments. In SAICSIT ’18, Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists, Port Elizabeth, South Africa, 26 September 2018; Association for Computing Machinery: New York, NY, USA, 2018; pp. 1–9.
  21. Aljumaiah, O.; Jiang, W.; Addula, S.R.; Almaiah, M.A. Analyzing Cybersecurity Risks and Threats in IT Infrastructure Based on NIST Framework. J. Cyber Secur. Risk Audit. 2025, 2025, 12–26.
  22. Igwenagu, U.; Salami, A.A.; Arigbabu, A.S.; Esambe, M.C.; Oladoyinbo, T.O.; Olaniyi, O.O. Securing the Digital Frontier: Strategies for Cloud Computing Security, Database Protection, and Comprehensive Penetration Testing. J. Eng. Res. Rep. 2024, 26, 60–75.
  23. Sandu, A.K. DevSecOps: Integrating Security into the DevOps Lifecycle for Enhanced Resilience. Technol. Manag. Rev. 2021, 6, 1–19.
  24. Rajapakse, R.N.; Zahedi, M.; Babar, M.A.; Shen, H. Challenges and Solutions When Adopting DevSecOps: A Systematic Review. Inf. Softw. Technol. 2022, 141, 106700.
  25. Buksh, Z.; Sharma, N.A.; Chand, R.; Kumar, J.; Shawkat Ali, A.B.M. Cybersecurity Challenges in Smart Grid IoT. In IoT for Smart Grid; John Wiley & Sons, Ltd.: Hoboken, NJ, USA, 2025; pp. 175–206. ISBN 978-1-394-27940-1.
  26. National Institute of Standards and Technology. The NIST Cybersecurity Framework (CSF) 2.0; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2024; p. NIST CSWP 29.
  27. National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2018; p. NIST CSWP 04162018.
  28. NIST SP 800-53; Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020.
  29. Stankovic, J.A. Research Directions for the Internet of Things. IEEE Internet Things J. 2014, 1, 3–9.
  30. Eito-Brun, R. Incorporating Innovation Management Practices to ISO/IEC 29110. In Systems, Software and Services Process Improvement; Springer International Publishing: Cham, Switzerland, 2017; pp. 15–25.
  31. Kim, G.; Humble, J.; Debois, P.; Willis, J. The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations; IT Revolution: London, UK, 2016; ISBN 978-1-942788-07-2.
  32. Lokiny, N.; Nandanampati, R. DevSecOps: Integrating Security into DevOps with AI in Cloud. J. Sci. Eng. Res. 2020, 7, 239–242.
  33. Tissir, N.; El Kafhali, S.; Aboutabit, N. Cybersecurity Management in Cloud Computing: Semantic Literature Review and Conceptual Framework Proposal. J. Reliab. Intell. Environ. 2021, 7, 69–84.
  34. ISO 27032:2023; Cybersecurity—Guidelines for Internet Security. International Organization for Standardization: Geneva, Switzerland, 2023.
  35. ISO 27001-2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. International Organization for Standardization: Geneva, Switzerland, 2022.
  36. Taherdoost, H. Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview. Electronics 2022, 11, 2181.
  37. Khaleefah, A.D.; Al-Mashhadi, H.M. Methodologies, Requirements and Challenges of Cybersecurity Frameworks: A Review. Int. J. Wirel. Microw. Technol. 2024, 13, 1–13.
  38. Chauhan, M.; Shiaeles, S. An Analysis of Cloud Security Frameworks, Problems and Proposed Solutions. Network 2023, 3, 422–450.
  39. Awan, K.A.; Ud Din, I.; Almogren, A.; Nawaz, A.; Khan, M.Y.; Altameem, A. SecEdge: A Novel Deep Learning Framework for Real-Time Cybersecurity in Mobile IoT Environments. Heliyon 2025, 11, e40874.
  40. Sandhyakumari, G.; Bharathi, M.; Madhurima, V.; Tabassum, S.; Neelima, K.; Kumar, N.A. A Dynamic Cybersecurity Framework for Energy-Efficient Internet of Things. In Convergence of Cybersecurity and Cloud Computing; IGI Global Scientific Publishing: Hershey, PA, USA, 2025; pp. 165–190. ISBN 979-8-3693-6859-6.
  41. Okegbile, S.D.; Gambo, I.P. Artificial Intelligence-Driven Security Framework for Internet of Things-Enhanced Digital Twin Networks. Internet Things 2025, 31, 101564.
  42. Garousi, V.; Felderer, M.; Mäntylä, M.V. Guidelines for Including Grey Literature and Conducting Multivocal Literature Reviews in Software Engineering. Inf. Softw. Technol. 2019, 106, 101–121.
  43. Semantic Scholar. AI-Powered Research Tool. Available online: https://www.semanticscholar.org/ (accessed on 10 March 2025).
  44. Krippendorff, K. Content Analysis: An Introduction to Its Methodology; SAGE Publications, Inc.: Thousand Oaks, CA, USA, 2019; ISBN 978-1-5063-9566-1.
  45. Naeem, M.; Ozuem, W.; Howell, K.; Ranfagni, S. A Step-by-Step Process of Thematic Analysis to Develop a Conceptual Model in Qualitative Research. Int. J. Qual. Methods 2023, 22, 16094069231205789.
  46. Mora, M. Descripción del Método de Investigación Conceptual; Universidad Autónoma de Aguascalientes: Aguascalientes, Mexico, 2003.
  47. Torrecilla-Salinas, C.J.; De Troyer, O.; Escalona, M.J.; Mejías, M. A Delphi-Based Expert Judgment Method Applied to the Validation of a Mature Agile Framework for Web Development Projects. Inf. Technol. Manag. 2019, 20, 9–40.
  48. IEC 62443; Cybersecurity Standards. International Electrotechnical Commission: Geneva, Switzerland, 2021.
  49. García-García, J.A.; Reding-Bernal, A.; López-Alvarenga, J.C. Cálculo del tamaño de la muestra en investigación en educación médica. Investig. En Educ. Médica 2013, 2, 217–224.
  50. Kite, M.E.; Whitley, B.E., Jr. Principles of Research in Behavioral Science, 3rd ed.; Routledge: New York, NY, USA, 2012; ISBN 978-0-203-08521-9.
  51. Taherdoost, H. Validity and Reliability of the Research Instrument; How to Test the Validation of a Questionnaire/Survey in a Research. Int. J. Acad. Res. Manag. 2016, 5, 28–36.
  52. NIST SP 800-207; NIST Zero Trust Architecture. National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020.

Figure 2. Proposed conceptual framework (a full interactive version of this framework is available online in a GitHub repository at https://researchteamcomputingsystems.github.io/cybersecurityconceptualframework/framework-en.html (accessed on 15 May 2025)).

Figure 3. The first quadrant of the proposed framework: Identify–Plan.

Figure 4. The second quadrant of the proposed framework: Protect–Build and Verify.

Figure 5. The third quadrant of the proposed framework: Detect–Monitor.

Figure 6. The fourth quadrant of the proposed framework: Respond and Recover–Release, Deploy, and Operate.

Figure 7. Demographic information from expert panel.

Figure 8. Expert panel’s affiliations by country/region and number of participants.

Figure 9. Experts’ opinions on foundations, methodology, objective, relevance, originality, and implementation feasibility.

Figure 10. Experts’ opinions on potential efficacy and efficiency in practice.

Figure 11. Initial architecture of Edge Computing and IoT environment.

Figure 12. Edge Computing and IoT environments after proposed framework implementation.


Table 1. Comparison and summary of related work.

| Study Title/Authors | Focus Area | Key Contributions | Cybersecurity Approach | Applicability to IoT/Edge Computing | Limitations/Challenges |
|---|---|---|---|---|---|
| NIST Cybersecurity Framework (CSF) | Risk management framework | A structured approach to managing cybersecurity risks. Core functions: Identify, Protect, Detect, Respond, and Recover. | Risk-based methodology, governance structures, continuous monitoring, and incident response. | Applicable to centralized enterprise environments. Limited applicability to decentralized IoT systems. | Assumes centralized control and resource-rich infrastructures, limiting adaptability for IoT. |
| DevSecOps Integration | Security in SDLC | Integrates security practices early in the software development lifecycle (SDLC). Principles include shift-left security, collaboration, and automation. | Continuous integration, automated testing, and security practices embedded in development. | Highly applicable to agile, cloud-native, and dynamic systems, but less focused on strategic risk management. | Focuses on tactical security; may overlook long-term risk management and governance. |
| Cloud Security and Risk Management [33] | Cloud computing security | Proposes a framework for managing cyber risks in cloud computing, integrating ISO and NIST standards. | Risk management, cloud security policies, and compliance with ISO and NIST standards. | Direct applicability to cloud environments, but limited focus on IoT/Edge-specific challenges. | Incomplete integration for decentralized, resource-constrained environments like IoT. |
| Cybersecurity Standards Review [36] | Cybersecurity standards | A review of widely adopted cybersecurity standards and frameworks for selecting the right framework. | Analysis of standards (ISO, NIST, etc.) for securing information systems. | Useful for aligning cybersecurity strategies with organizational needs, but limited focus on IoT/Edge-specific systems. | Does not deeply explore IoT-specific security challenges. |
| Cloud Security Threats and Frameworks [37] | Cloud computing | Explores cloud computing security gaps and presents frameworks for improving security, trust, and data protection. | Reviews ISO and NIST frameworks, focusing on cloud security. | Cloud-based IoT systems can benefit, though IoT-specific risks are not deeply addressed. | Limited focus on decentralized IoT environments, which require different strategies. |
| Integrated Cybersecurity Strategies [22] | Cloud, database, penetration testing | Empirically investigates integrated strategies for cloud security, database protection, and penetration testing. | Combining multiple security strategies to improve resilience against threats. | Applicable to cloud-based IoT, but may not fully address real-time IoT/Edge security needs. | Requires further validation in IoT/Edge contexts. |
| Cloud Security Frameworks Comparison [38] | Cloud security | Compares various frameworks (COBIT5, NIST, ISO, CSA STAR, AWS) for securing cloud infrastructure. | Detailed comparison and recommendations for cloud security frameworks. | Primarily focused on cloud, but frameworks could be adapted to IoT/Edge systems requiring cloud connectivity. | Focus on cloud security, not specific to IoT/Edge environments, which have unique characteristics. |
| SecEdge Framework for IoT [39] | IoT security | Proposes the SecEdge framework for IoT using transformer-based models and federated learning for real-time threat detection. | AI-driven, federated learning, real-time model updates for dynamic IoT environments. | Highly relevant to IoT environments, especially in real-time threat detection and data privacy. | Focused on specific IoT models, may not generalize to all IoT/Edge ecosystems. |
| Comprehensive IoT Security Framework [40] | IoT security | Proposes a framework for mitigating risks like malware, DoS, and MitM in IoT. Emphasizes data privacy and regulatory compliance. | Focus on data integrity, privacy, and regulatory compliance (GDPR, HIPAA). | Direct relevance for securing IoT supply chains and data integrity in IoT environments. | Challenges in ensuring full regulatory compliance across different regions. |
| AI-driven Security for DTNs [41] | Delay-Tolerant Networks (DTNs) | AI-driven security framework combining LSTM, transfer learning, and differential privacy for enhanced detection and privacy. | AI, LSTM, and differential privacy for threat detection and privacy. | Relevant for Edge and IoT systems that require real-time data processing and privacy protection. | Lacks comprehensive scalability for large IoT ecosystems. |


Table 2. Applications of the framework’s first quadrant in Edge Computing and IoT scenarios.

| Phase | Edge Computing | IoT | Outcome |
|---|---|---|---|
| Asset Identification | - Inventory Edge devices (sensors, gateways, PLCs)<br>- Map data flows<br>- List software/firmware<br>- Map network topology<br>- Identify users/access controls | - Catalog IoT devices (smart meters, RTUs)<br>- Identify communication protocols<br>- Classify data types<br>- Identify integration points<br>- Note regulatory requirements | Comprehensive asset inventory for risk assessment and compliance |
| Risk Assessment | - Identify threats (e.g., unauthorized access, device tampering)<br>- Assess vulnerabilities (e.g., outdated firmware)<br>- Evaluate impact (e.g., production downtime)<br>- Determine likelihood (e.g., frequency of attacks)<br>- Prioritize risks based on impact and likelihood | - Identify threats (e.g., data breaches, DDoS attacks)<br>- Assess vulnerabilities (e.g., weak authentication)<br>- Evaluate impact (e.g., service disruption)<br>- Determine likelihood (e.g., historical attack data)<br>- Prioritize risks for mitigation strategies | Comprehensive risk assessment for Edge Computing and/or IoT environment |
| Requirements | - Define functional requirements (e.g., real-time data processing)<br>- Specify security requirements (e.g., encryption, access control)<br>- Establish performance metrics (e.g., latency, throughput)<br>- Identify compliance needs (e.g., industry standards) | - Define functional requirements (e.g., remote monitoring, data analytics)<br>- Specify security requirements (e.g., device authentication, data integrity)<br>- Establish performance metrics (e.g., response time, data accuracy)<br>- Identify regulatory compliance (e.g., data privacy laws) | Clear and comprehensive specifications for secure system development and deployment |
| Collaboration and Integration | - Identify stakeholders (e.g., IT, operations, security teams)<br>- Align priorities (e.g., uptime vs. security)<br>- Implement security-as-code practices (e.g., automated security checks)<br>- Foster communication (e.g., regular meetings, updates) | - Identify stakeholders (e.g., utility companies, regulators, vendors)<br>- Align priorities (e.g., safety vs. innovation)<br>- Implement security-as-code principles (e.g., CI/CD pipelines with security checks)<br>- Facilitate knowledge sharing (e.g., workshops, training) | Strengthened collaboration and integration for functionality, compliance, and threat mitigation |


Table 3. Applications of the framework’s second quadrant in Edge Computing and IoT scenarios.

| Phase | Edge Computing | IoT | Outcome |
|---|---|---|---|
| Security Controls | - Implement access controls (e.g., role-based access)<br>- Use intrusion detection systems (IDSs)<br>- Regularly update and patch firmware | - Enforce device authentication (e.g., certificates, tokens)<br>- Use of intrusion detection systems (IDSs) | Robust security posture to protect against cyber threats |
| Data Protection | - Implement data encryption (e.g., AES for stored data)<br>- Use access controls (e.g., user permissions)<br>- Regularly back up data (e.g., offsite storage)<br>- Monitor data-access logs<br>- Conduct awareness training for staff | - Encrypt data in transit (e.g., TLS for communication)<br>- Implement data integrity checks (e.g., checksums)<br>- Use secure storage solutions (e.g., hardware security modules)<br>- Provide training on data-handling best practices | Enhanced protection of sensitive data against unauthorized access and loss |


Table 4. Applications of the framework’s third quadrant in Edge Computing and IoT scenarios.

| Phase | Edge Computing | IoT | Outcome |
|---|---|---|---|
| Real-Time Monitoring | - Implement vulnerability scanning tools (e.g., regular scans of Edge devices)<br>- Set up threat detection systems (e.g., anomaly detection)<br>- Configure real-time alerts for suspicious activities<br>- Monitor system performance metrics<br>- Conduct regular security audits | - Deploy IoT security monitoring solutions (e.g., device behavior analysis)<br>- Implement threat detection algorithms (e.g., machine learning)<br>- Set up alerts for data anomalies<br>- Monitor network traffic for unusual patterns<br>- Conduct incident response drills | Enhanced visibility of security posture and rapid response to threats |
| Log Management | - Collect logs from all Edge devices (e.g., sensors, gateways)<br>- Store logs securely (e.g., centralized logging server)<br>- Analyze logs for anomalies (e.g., unusual access patterns)<br>- Correlate logs with threat intelligence<br>- Retain logs per compliance requirements | - Encrypt data in transit (e.g., TLS for communication)<br>- Implement data integrity checks (e.g., checksums)<br>- Collect logs from IoT devices (e.g., smart meters, RTUs)—store logs in a secure, scalable solution (e.g., cloud storage)<br>- Analyze logs for security incidents (e.g., unauthorized access)—correlate logs with external threat data<br>- Ensure log retention aligns with regulatory requirements | Comprehensive log management strategy to enhance security and operational visibility |


Table 5. Applications of the framework’s fourth quadrant in Edge Computing and IoT scenarios.

| Phase | Edge Computing | IoT | Outcome |
|---|---|---|---|
| Delivery | - Implement CI/CD pipelines for application deployment<br>- Automate testing (e.g., unit, integration tests)<br>- Integrate security checks (e.g., static code analysis)<br>- Use containerization for consistent environments<br>- Monitor deployment for issues | - Establish CI/CD pipelines for IoT applications—automate testing of firmware and software updates<br>- Use version control for configuration management<br>- Monitor deployments for performance and security | Streamlined and secure application delivery process, enhancing deployment efficiency and security throughout lifecycle |
| Log Management | - Develop an incident response plan (e.g., roles, responsibilities)<br>- Establish communication protocols (e.g., internal and external notifications)<br>- Conduct regular incident response drills<br>- Implement backup and recovery procedures<br>- Review and update the plan post incident | - Create an incident response framework (e.g., detection, analysis, containment)<br>- Define recovery strategies (e.g., failover systems)<br>- Train staff on incident response procedures<br>- Monitor and log incidents for analysis<br>- Update response plans based on lessons learned | Comprehensive response and recovery strategy to mitigate security incidents and ensure system resilience |

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
