The rapid growth in the number of connected Internet of Things devices creates new challenges in the field of cybersecurity: the lack of a unified quantitative assessment framework for IoT device security complicates informed decision-making during their design, procurement, integration, and auditing. This paper proposes the theoretical and methodological foundations of a multi-criteria approach for evaluating the security level of IoT devices based on a hybrid integration of the Analytic Hierarchy Process and the Technique for Order Preference by Similarity to Ideal Solution. The proposed methodology consists of five sequential stages: (1) formation of a hierarchical system of security criteria based on the requirements of international standards ETSI EN 303 645 v3.1.3 and NIST IR 8425; (2) pairwise comparison of criteria using the Saaty scale with consistency verification (CR ≤ 0.10); (3) normalization of the device evaluation matrix; (4) construction of the weighted normalized matrix and calculation of the integrated security index using TOPSIS; and (5) development of an interpretation scale with corresponding recommendations. The system of criteria includes seven measurable indicators grouped into four functional categories: authentication, secure communication, update management, and data protection. Each criterion is explicitly mapped to specific requirements of ETSI EN 303 645 and NIST IR 8425, ensuring the regulatory relevance of the methodology. The complete mathematical framework – from pairwise comparison matrix construction and priority vector calculation to Euclidean distance computation and closeness coefficient estimation – is presented as a step-by-step algorithm with corresponding formulas. The proposed methodology serves as a practical tool for security auditing, secure IoT system design, and formalized decision support in the field of IoT cybersecurity.
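To make the five-stage pipeline concrete, the following Python script (an added example written for this page, not code from the paper or its authors) carries an AHP weighting through to a TOPSIS closeness coefficient for a handful of devices. The four categories are those named in the abstract; the seven criterion names, their 2+2+2+1 split across categories, the Saaty pairwise judgments, the 0 to 5 audit scores for the constructed devices, and the interpretation bands are all assumptions for illustration. The consistency check uses Saaty's published random-index table and rejects any matrix with CR > 0.10, as the abstract requires.

```python
"""AHP (weights + consistency ratio) feeding TOPSIS for IoT device security scoring."""
import math

# Saaty's random consistency index RI, indexed by matrix order n (standard table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def ahp_weights(pairwise):
    """Priority vector by the geometric-mean method, lambda_max and consistency ratio CR."""
    n = len(pairwise)
    for i in range(n):
        for j in range(n):
            if not math.isclose(pairwise[i][j] * pairwise[j][i], 1.0):
                raise ValueError(f"pairwise matrix is not reciprocal at ({i},{j})")
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(gm)
    w = [g / total for g in gm]
    # lambda_max estimated as the mean of (A w)_i / w_i; CI = (lambda_max - n)/(n - 1); CR = CI/RI.
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] > 0 else 0.0
    return w, lam, cr


# Stage 1: hierarchy. Categories follow the abstract; criterion names and split are assumptions.
CATEGORIES = ["authentication", "secure communication", "update management", "data protection"]
CRITERIA = {
    "authentication": ["no default credentials", "brute-force protection"],
    "secure communication": ["encrypted transport", "certificate validation"],
    "update management": ["signed updates", "update policy published"],
    "data protection": ["sensitive data encrypted at rest"],
}
# Stage 2: Saaty-scale judgments (assumed values, chosen to be consistent).
CATEGORY_PAIRWISE = [[1, 2, 3, 4], [1 / 2, 1, 2, 3], [1 / 3, 1 / 2, 1, 2], [1 / 4, 1 / 3, 1 / 2, 1]]
LOCAL_PAIRWISE = {
    "authentication": [[1, 2], [1 / 2, 1]],
    "secure communication": [[1, 1], [1, 1]],
    "update management": [[1, 3], [1 / 3, 1]],
    "data protection": [[1]],
}


def global_weights(max_cr=0.10):
    """Global criterion weight = category weight x local weight; every matrix must pass CR <= max_cr."""
    cat_w, _, cat_cr = ahp_weights(CATEGORY_PAIRWISE)
    if cat_cr > max_cr:
        raise ValueError(f"category judgments inconsistent: CR={cat_cr:.3f}")
    names, weights = [], []
    for cat, cw in zip(CATEGORIES, cat_w):
        local_w, _, cr = ahp_weights(LOCAL_PAIRWISE[cat])
        if cr > max_cr:
            raise ValueError(f"{cat} judgments inconsistent: CR={cr:.3f}")
        for crit, lw in zip(CRITERIA[cat], local_w):
            names.append(crit)
            weights.append(cw * lw)
    return names, weights


def topsis(matrix, weights):
    """Stages 3-4: vector normalisation, weighting, Euclidean distances to the ideal (max) and
    anti-ideal (min) solution, closeness C_i = D-/(D+ + D-). All criteria are benefit criteria."""
    m, n = len(matrix), len(weights)
    norms = [math.sqrt(sum(matrix[i][j] ** 2 for i in range(m))) or 1.0 for j in range(n)]
    v = [[weights[j] * matrix[i][j] / norms[j] for j in range(n)] for i in range(m)]
    ideal = [max(v[i][j] for i in range(m)) for j in range(n)]
    anti = [min(v[i][j] for i in range(m)) for j in range(n)]
    scores = []
    for row in v:
        d_plus = math.sqrt(sum((a - b) ** 2 for a, b in zip(row, ideal)))
        d_minus = math.sqrt(sum((a - b) ** 2 for a, b in zip(row, anti)))
        # If every device scores identically, both distances are 0; report a neutral 0.5.
        scores.append(0.5 if d_plus + d_minus == 0 else d_minus / (d_plus + d_minus))
    return scores


def interpret(c):
    """Stage 5: interpretation bands (assumed thresholds, not the paper's scale)."""
    if c >= 0.75:
        return "high: acceptable for deployment"
    if c >= 0.50:
        return "medium: remediate flagged criteria before integration"
    return "low: do not procure or deploy without redesign"


# Constructed audit scores (0 = absent, 5 = fully implemented) for four hypothetical devices.
DEVICES = {
    "camera-A": [5, 5, 5, 5, 5, 5, 5],
    "sensor-B": [4, 4, 3, 4, 3, 3, 4],
    "hub-C": [3, 2, 3, 2, 3, 2, 3],
    "plug-D": [1, 1, 1, 1, 1, 1, 1],
}


def rank_devices(devices=DEVICES):
    """Return (device, closeness) pairs sorted from most to least secure."""
    _, weights = global_weights()
    labels = list(devices)
    scores = topsis([devices[d] for d in labels], weights)
    return sorted(zip(labels, scores), key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    names, weights = global_weights()
    for name, w in zip(names, weights):
        print(f"{name:32s} w={w:.3f}")
    for device, c in rank_devices():
        print(f"{device:10s} C={c:.3f}  {interpret(c)}")
```

The interesting property to verify is that a device at the maximum on every criterion lands exactly at C = 1 and one at the minimum exactly at C = 0, while a device that dominates another criterion by criterion always ranks above it; changing a single pairwise judgment to, say, 9 where its neighbours say 2 will push CR past 0.10 and make `global_weights` refuse to proceed, which is the behaviour an auditor wants from stage 2.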
Fesioha et al. studied this question.