Due to the ease and cost of developing IoT devices as well as to the high adoption rate of smart connected things, the IoT ecosystem is expected to grow continually. Some IoT applications are already on the market, such as in a smart home, wearable, connected vehicle, medical and healthcare, smart grids, and so on. However, the increasing use of IoT, especially in the individual domain, causes the opening of security vulnerabilities. Various studies have attempted to identify security issues on IoT. Many studies indicate that data privacy is one of the primary considerations in IoT because of the high possibility of creating security risks, such as unauthorized access, tapping, data modification, data forgery and so on. Some IoT services and applications provide personal and sensitive information openly and can be misused because of the leakage of data to third parties. Several studies state that the enforcement mechanism of IoT is still inadequate. Besides, there are issues such as identification problems, authentication and authorization, and cross-device dependencies. From the various vulnerabilities, threat sources have been identified by previous researchers apart from bad manufacturers and outside parties, namely IoT users themselves as owners of devices that intentionally or unintentionally provide access to sensitive information. From that case, user awareness becomes a critical aspect of the IoT ecosystem. Some countries are known to have prepared themselves with strategies and master plans in dealing with the IoT era. This study seeks to identify what efforts have been made by the government and other stakeholders in promoting IoT security for end-users in various countries and what best practices can be learned from existing initiatives, and what aspects might still need further research.