This research evaluates complexity of proper security implementation in embedded devices that possess additional challenge of constrained operational environment – e.g. limited memory, limited processing power and limited energy consumption. Term complexity express ability (or lack of) to implement appropriate security mechanisms, without need for hardware design changes or time-consuming software modifications.Actual security requirements are analysed according to ISO/IEC 27001:2013 standard and implemented in publicly available open-source embedded devices and prototypes created during this research. Implementation outcomes are evaluated against previously listed complexity attributes.Second analysis is performed on data gathered through resource measurements during security requirement implementation and additional experiments. It will attempt to identify relation between additional instructions processing (program code execution) against energy consumption.Important part of this research consists of practical experiments that are performed with both open-source and commercial hardware. Device operation is tested with applied security measures and without them. Energy consumption is measured 100 to 25000 times per second depending on each case. The results give an insight on what is required for security implementation on embedded devices and what are the implications.