Security is a moving target. With the IoT landscape rapidly evolving and everything getting connected, IoT security management is becoming a paramount focus. In the ISACA Journal author blog, I have referred to the following steps to address this risk holistically:
Stay abreast and leverage, where necessary, the latest IoT standards, frameworks and regulations.
As proposed in the ISACA Journal, Volume 3, 2017 article, follow the 2-prong approach of offense and defense to implement security by design for the IoT infrastructure.
Develop a robust IoT governance and risk management strategy.
Foster an IoT security culture as part of the overall security program maturity.
Regulating the IoT industry would greatly expedite this process.