As the Internet of Things (IoT) becomes more involved in our daily lives, several security and privacy concerns arise, stemming from two main contributing factors. The first is that IoT lacks a building-block-based reference model through which the common ground and enabler technologies of IoT can be understood and identified. The second is the absence of widely accepted IoT security and privacy guidelines, and of appropriate implementation techniques for those enabler technologies. Our work is therefore divided into three parts. First, we propose a novel four-layered IoT reference model based on a building-blocks strategy, in which the IoT asset-based attack surface is divided into four main components, or layers. Second, we propose a framework of security and privacy guidelines for each of the IoT assets mentioned above, which can be used to reinforce IoT security and privacy by design. Third, we propose a novel five-phase methodology for securing IoT objects based on their Security Level Certificates (SLCs).