Although this white paper is not IoT-focused it’s comprehensive and well thought out. In particular is the emphasis on making security a top priority from top down in an organization. I like this quote “Here’s part of the problem: Too often security remains one step removed from the officers and directors of the company. Security is seen as a technology issue. But security is first and foremost a people issue.” In fact, security is often foisted to software development teams as in “fix the security, or else.” The recommendations here are excellent and apply to all industries: Make sure security is the CEO’s responsibility, adopt a risk driven approach, appoint someone to champion security (and give them authority), and get outside help.