



The IoT Security Initiative (formerly M2iSF) is a not-for-profit collaboration of security and industry professionals coming together around the common goal of improving the state of embedded system security in all facets of industry use.  We promote security and privacy in an IoT world. 

The IoT Security Initiative aims to foster a pragmatic, secure-by-design approach to IoT cybersecurity based on our leading-edge risk model and deep understanding of the technology threat around embedded device and connected cloud technologies.

We hope that companies, armed with this information, will have a greater opportunity to overcome security and privacy stumbling blocks by designing and implementing the proper measures and safeguards into their IoT and cyber solutions in a timely manner.

our purpose

The purpose of the IoT Security Initiative is to provide helpful and comprehensive security and privacy information to product manufacturers, companies, and government institutions deploying IoT and M2M systems. 

Our mission is to drive and promote a common approach to solid security practices for the ever-changing IoT technology space. 
Our goal is to create a broad, high-level, yet comprehensive security framework that could be used by both product and security practitioners to better determine what security measures to consider when designing and deploying these systems.

Our objective is to be the preeminent resource for industry-leading security best practices and guidelines for implementing and operating secure IoT and M2M solutions . . . from endpoint . . . to cloud service . . . to Enterprise.


why it is important

When considering security requirements for IoT and M2M products and services, it is important to keep in mind the entire system: the sensors and smart nodes, gateways, communications, web services, servers, and users involved along the system chain.  A system security failure in any of these areas could produce varying levels of threat and business risk, both immediate and long term.

It is also important to take a balanced and blended approach regarding security-by-design and defense-in-depth practices and measures.  If devices and cloud services are not serving critical functions and not handling sensitive data, too much security protection could result in needless complexity as well as higher production and unit costs.  If they are serving or operating in a critical role, however, such as holding important data or perhaps merely being intriguing and accessible technology, then the need for added layers of security protection can be paramount.



No information contained on this site should be considered prescriptive for any particular solution or product by any company or individual.  No claims, assurances or warranties are afforded to anyone given the information found on this site.  Use of this information is for educational purposes only.  You are entirely responsible for your own security and safeguards used with your products and services regardless of the content on this site.  By consuming and making use of information on this site you agree to hold harmless this site’s owners and operators in all matters concerning this site’s content and its use.

You are not permitted to reuse the information and images on this site except within the defined confines of Creative Commons BY-NC-SA 4.0 - and with written notification to this site's owners.

Should you have a question, concern or point of contention please contact us using the form below.




We encourage you to reach out and say hello, give us good/bad feedback, or point out errors using the form below.
