first defining an appropriate scope, then designing appropriate security controls to support that scope, and only then implementing specific security controls. Implementing security controls without conducting the scope and control design processes is a surefire way to fail an ISO 27001 or SOC 2 ...
This research was done as part of a master's thesis with the goal of reviewing the security of internet-connected baby monitor devices. A future blog post is going to cover further vulnerabilities identified in the Kalay Platform, which potentially affect millions of devices. In addition, we expect...