Internet of Things (IoT) provides a huge business value for customers, organizations, and governments due to the developments of so many applications in different sectors like energy and healthcare. Nevertheless, as a new emerging technology, IoT faces several security concerns that are more challenging than conventional Internet because of its limited resources as well as its complex ecosystem. Toward this end, we first highlight IoT security challenges and briefly discuss its security goals like confidentiality and integrity. Second, we discuss the most common attacks against IoT, along with their violated security goals. We also review the existing frameworks of security and privacy guidelines for IoT and illustrate their shortcomings. Third, we propose a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificate (SLC) for IoT objects based on their hardware capabilities and protection measures. Objects with SLCs, therefore, will be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five main phases.