nach oben

International Journal of Information Security

Erschienen in:

13.12.2023 | Regular Contribution

Blockchain-based multi-organizational cyber risk management framework for collaborative environments

verfasst von: Habib El Amin, Lina Oueidat, Maroun Chamoun, Abed Ellatif Samhat, Antoine Feghali

Erschienen in: International Journal of Information Security | Ausgabe 2/2024

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Along with the increasing damage of cyberattacks, cyber risk management remains one of the most crucial proactive measures. Risk management aims to identify potential risks, evaluate their attributes, and implement countermeasures to reduce their damages. The cyber security industry and the research literature have established frameworks and platforms for cyber risk management. However, a risk management framework is required to ensure a practical and secure service for multiple collaborating organizations. In this paper, we overview numerous risk management frameworks and platforms established for various sectors. Then, we investigate the security issues facing the established platforms. After that, we propose a decentralized framework for cyber risk management using blockchain technology in order to serve multiple organizations including governmental ones. In addition, we present a proof of concept implementation using Hyperledger Fabric.

Vorheriger Artikel Generating ICS vulnerability playbooks with open standards

Nächster Artikel TL-BILSTM IoT: transfer learning model for prediction of intrusion detection system in IoT environment

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Agence Nationale de la Sécurité des Systèmes d’Information: Publication : La méthode EBIOS Risk Manager - Le guide. Tech. Rep. ANSSI-PA-048-EN, Agence Nationale de la Sécurité des Systèmes d’Information, ANSSI – 51, boulevard de la Tour-Maubourg – 75 700 PARIS 07 S (2019)

Agile risk manager | ebios risk manager software | all4tec. https://www.all4tec.com/en/ebios-risk-manager-certified-solution-agile-risk-manager/. Accessed on 04-08-2021

Androulaki, E., Barger, A., Bortnikov, V., Cachin, C., Christidis, K., De Caro, A., Enyeart, D., Ferris, C., Laventman, G., Manevich, Y., et al.: Hyperledger fabric. Proceedings of the Thirteenth EuroSys Conference (2018). https://doi.org/10.1145/3190508.3190538

Breu, C.S.B.: A framework for the management of intra-organizational security process standardization. Enterprise Interoperability: Interoperability for Agility, Resilience and Plasticity of Collaborations (I-ESA 14 Proceedings) p. 250 (2015)

Brunner, M., Mussmann, A., Breu, R.: Introduction of a tool-based continuous information security management system: an exploratory case study. In: 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE (2018). https://doi.org/10.1109/qrs-c.2018.00088

Brunner, M., Sillaber, C., Breu, R.: Towards automation in information security management systems. In: 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS). IEEE (2017). https://doi.org/10.1109/qrs.2017.26

Bsi-standard 200-2: It-grundschutz-methodology. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi-standard-2002_en_pdf.html. (Accessed on 04/02/2023)

BÜBER, E., ŞAHİNGÖZ, Ö.K.: Blockchain based information sharing mechanism for cyber threat intelligence. Balkan J. Electric. Comput. Eng. 8, 242–253 (2020)

Caralli, R., Stevens, J., Young, L., Wilson, W.: Introducing octave allegro: Improving the information security risk assessment process. Tech. Rep. CMU/SEI-2007-TR-012, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2007). http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8419

10.

Cheng, L., Liu, F., Yao, D.: Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplin. Rev.: Data Mining and Knowledge Dis. 7(5), e1211 (2017)

11.

Cuff, G., Edmonds, J.: Building a secure inter-institutional data sharing platform with blockchain. (2020)

12.

of Cybersecurity, L.H.: Risk assessment optimisation with monarc (2022). https://www.monarc.lu/publications/risk-assessment-optimisation-with-monarc/. Accessed on 25-04-2023

13.

El Amin, H.: Risk Management Framework using Blockchain (2022). https://git.io/J9Cfu

14.

Elisa, N., Yang, L., Chao, F., Cao, Y.: A framework of blockchain-based secure and privacy-preserving e-government system. Wireless Netw. (2018). https://doi.org/10.1007/s11276-018-1883-0CrossRef

15.

Giuca, O., Popescu, T.M., Popescu, A.M., Prostean, G., Popescu, D.E.: A survey of cybersecurity risk management frameworks. In: International Workshop Soft Computing Applications, pp. 240–272. Springer (2018)

16.

Haji, S., , Tan, Q., Costa, R.S., and: A hybrid model for information security risk assessment. International Journal of Advanced Trends in Computer Science and Engineering pp. 100–106 (2019). 10.30534/ijatcse/2019/1981.12019. https://doi.org/10.30534/ijatcse/2019/1981.12019

17.

Huang, Y., Debnath, J., Iorga, M., Kumar, A., Xie, B.: Csat: A user-interactive cyber security architecture tool based on nist-compliance security controls for risk management. In: 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), pp. 0697–0707. IEEE (2019)

18.

Hussain, M.A., Abd Latiff, M.S., Madni, S.H.H., Rasi, R.Z.R.M., Othman, M.F.I.: Concept of blockchain technology. Int. J. Innovative Comput. 9(2) (2019)

19.

Hyperledger caliper documentation. https://hyperledger.github.io/caliper/v0.4.2/getting-started/. Accessed on 06/09/2021

20.

IBM: Cost of a data breach report 2021. https://www.ibm.com/security/data-breach(2021). https://www.ibm.com/security/data-breach. IBM Corporation

21.

Imran, S., Hyder, I.: Security issues in databases. In: 2009 Second International Conference on Future Information Technology and Management Engineering, pp. 541–545. IEEE (2009)

22.

Initiative, J.T.F.T.: Guide for conducting risk assessments. Tech. Rep. NIST SP 800-30r1, National Institute of Standards and Technology, Gaithersburg, MD (2012). 10.6028/NIST.SP.800-30r1. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

23.

International Organization for Standardization: Information Technology. Security Techniques. Information Security Risk Management: ISO/IEC 27005: 2018. International Organization for Standardization (2018)

24.

Ionita, D.: Current established risk assessment methodologies and tools. Master’s thesis, University of Twente (2013)

25.

Information risk assessment methodology 2(iram2) (2021). https://www.securityforum.org/solutions-and-insights/information-risk-assessment-methodology-iram2/

26.

Eu itsrm, it security risk management methodology v1.2 (2020). https://ec.europa.eu/info/publications/security-standards-applying-all-europeancommission-information-systems_en

27.

Jeong, J., Kim, D., Lee, B., Son, Y.: Design and implementation of a digital evidence management model based on hyperledger fabric. J. Inform. Process. Syst. 16(4), 760–773 (2020)

28.

Lambrinoudakis, C., Gritzalis, S., Xenakis, C., Katsikas, S., Karyda, M., Tsochou, A., Papadatos, K., Rantos, K., Pavlosoglou, Y., Gasparinatos, S., et al.: Compendium of risk management frameworks with potential interoperability: Supplement to the interoperable eu risk management framework report. Athens, Greece, European Union Agency for Cybersecurity (ENISA) (2022)

29.

Ma, S., Hao, W., Dai, H.N., Cheng, S., Yi, R., Wang, T.: A blockchain-based risk and information system control framework. In: 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress, pp. 106–113 (2018). https://doi.org/10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00031

30.

McLennan, M.: The global risks report 2021 16th edition (2021)

31.

Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review p. 21260 (2008)

32.

Neupart Risk Management. https://www.neupart.com/products. Accessed on 04-08-2021

33.

Ozkan, S., Karabacak, B.: Collaborative risk method for information security management practices: a case context within turkey. Int. J. Inf. Manage. 30(6), 567–572 (2010)CrossRef

34.

RSA Archer Platform. https://www.rsa.com/de-de/products/integrated-risk-management/archer-platform. Accessed on 04-08-2021

35.

Salman, T., Zolanvari, M., Erbad, A., Jain, R., Samaka, M.: Security services using blockchains: a state of the art survey. IEEE Commun. Surv. Tutorials 21(1), 858–880 (2018)CrossRef

36.

Schmitz, C., Pape, S.: Lisra: lightweight security risk assessment for decision support in information security. Comput. Security 90, 101656 (2020)CrossRef

37.

Shalaby, S., Abdellatif, A.A., Al-Ali, A., Mohamed, A., Erbad, A., Guizani, M.: Performance evaluation of hyperledger fabric. In: 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), pp. 608–613. IEEE (2020)

38.

Wood, G., et al.: Ethereum: A secure decentralised generalised transaction ledger. Ethereum Project Yellow Paper 151(2014), 1–32 (2014)

39.

Yuan, P., Xiong, X., Lei, L., Zheng, K.: Design and implementation on hyperledger-based emission trading system. IEEE Access 7, 6109–6116 (2018)CrossRef

Titel: Blockchain-based multi-organizational cyber risk management framework for collaborative environments
verfasst von: Habib El Amin
Lina Oueidat
Maroun Chamoun
Abed Ellatif Samhat
Antoine Feghali
Publikationsdatum: 13.12.2023
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 2/2024
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-023-00788-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2024

Publisher Correction: PPAM-mIoMT: a privacy-preserving authentication with device verification for securing healthcare systems in 5G networks

An efficient user authentication and key agreement scheme for wireless sensor networks using physically unclonable function

A systematic mapping study on security for systems of systems

Maritime cybersecurity: protecting digital seas

A perspective–retrospective analysis of diversity in signature-based open-source network intrusion detection systems

Generating ICS vulnerability playbooks with open standards

Premium Partner