Vulnerability Management and Policy Development for Raspberry Pi Devices in the STMicroelectronics Network

IoT devices represent a key technology in modern industry, providing intelligent, flexible, and efficient solutions for data collection and processing. In the manufacturing sector, and particularly within STMicroelectronics, their adoption is increasingly critical to operational efficiency. This thesis focuses on the development and implementation of a vulnerability management system for Raspberry Pi devices integrated into STMicroelectronics’ network. The work begins with an analysis of international cybersecurity best practices and standards, followed by several case studies of real vulnerabilities. For each case, the potential impact, applied mitigation or remediation strategy, and the rationale behind each decision are discussed, always considering the company’s operational and business requirements. An additional outcome of this research is the creation of an internal policy defining the procedure for securely integrating new Raspberry Pi devices into the corporate network. This policy specifies the necessary steps, responsibilities, and roles, supported by the development of a RACI matrix to ensure clear accountability.