The ubiquitous connectivity of “things” in the Internet of Things, and fog computing systems, presents a stimulating setting for innovation and business opportunity, but also an immense set of security threats and challenges. Security engineering for such systems must take into consideration the peculiar conditions under which these systems operate: low resource constraints, decentralized decision making, large device churn, etc. Thus, techniques and methodologies of building secure and robust IoT/fog systems have to support these conditions. In this paper, we are presenting the CAAVI-RICS framework, a novel security review methodology tightly coupled with distributed, IoT and fog computing systems. With CAAVI-RICS we are exploring credibility, authentication, authorization, verification, and integrity through explaining the rationale, influence, concerns and security solutions that accompany them. Our contribution is a through systematic categorization and rationalization of security issues, covering the security landscape of IoT/fog computing systems. Additionally, we contribute to the discussion on the aspects of fog computing security and state-of-the-art solutions.