Systematic Analysis and Comparison of Security Advice Datasets

A long list of documents have been offered as security advice, codes of practice, and security guidelines for building and using security products, including Internet of Things (IoT) devices. To date, little or no systematic analysis has been carried out on the advice datasets themselves. Contributing in this direction, we begin with an informal analysis of two documents offering advice related to IoT security -- the ETSI Provisions and the UK DCMS Guidelines -- and then carry out what we believe is the first systematic analysis of these advice datasets. Our analysis explains in what ways the ETSI Provisions are a positive evolution of the UK DCMS Guidelines. We also suggest aspects of security advice that might be given special attention by those offering security advice.