Briliyant, Obrina, Javed, Amir
Abstract
Despite decades of research into automated security compliance tools, only 18% of organizations actually use them. This gap between academic innovation and real-world adoption is particularly an issue for Internet of Things (IoT) environments, where the sheer volume of connected devices makes manual security auditing challenging. This review investigates why computer-assisted auditing technologies fail to gain traction in practice. We trace the evolution of compliance automation and reveal a fundamental disconnect. Our analysis introduces a human-centered framework that systematically categorizes current technologies and identifies where each falls short of auditor needs. Rather than pursuing ever-more sophisticated automation, we argue that effective compliance tools must augment human expertise through collaborative human-computer interaction. The review synthesizes diverse approaches across formal methods, network analysis, and regulatory frameworks, consistently finding that technical excellence alone cannot bridge the implementation gap. We conclude by presenting a research roadmap that guides security researchers toward building practically viable solutions, ones that leverage strong academic foundations while addressing the urgent, real-world need for continuous IoT security auditing.
Item Type: | Article |
---|---|
Status: | In Press |
Schools: | Schools > Computer Science & Informatics |
Publisher: | Elsevier |
ISSN: | 1872-6208 |
Last Modified: | 08 Oct 2025 15:45 |
URI: | https://orca.cardiff.ac.uk/id/eprint/181387 |