In our previous work, we analysed IoT devices and investigated the threat of vulnerable IoT devices compromised by malware by means of the proposed IoTPOT (honey) and IoTBOX (sandbox). In this paper, based on the previous work mentioned above, on vulnerable IoT devices which are owned by individuals without any management, we propose two types (approaches) of security controls for the less-controlled IoT devices. Recognising the current situation wheremany vulnerable IoT devicesare already infected by several types of malware, the first approach proposes a security solution to remove malware from infected IoT devices, or to stop the activation of malware (deletion of registry, exe, or scheduler). In the second approach, in order to develop general security controls which are commonly applicable, the development of a security function for updating software/firmware modules located in IoT devices is proposed. This security solution provides an initial secure software/firmware update procedure based on the secure software update procedure for ECUs (Electronic Control Units) in an ITS (Intelligent Transportation System) which has been developed in an ITU-T (International Standardization Body) as proposed by authors of this paper. Finally, a list of research topics for the IoT environment is provided forfuture collaborative research.