Global Cybersecurity Blockchain Group
- 1. Cybersecurity Best Practices for Blockchain Technology Maëva Ghonda Group Leader
- 2. Global Cybersecurity Group for Blockchain Tech • Innovation Process: Agile Systems Engineering • 210 Cybersecurity Experts Worldwide • Multidisciplinary Expertise: Artificial Intelligence, Quantum Information Science, Cryptocurrency, etc. • Public-Private Collaboration • Affiliations: Facebook, Google, Amazon, EY, IBM, HPE, JPMorgan Chase, KPMG India, Stimson Center, Mastercard, City of Toronto, PwC, Capgemini, Manulife, HSBC, Ford Motor Company, Deloitte, American Airlines, ING, Roche, Walmart, Accenture, Cisco, Blue Cross Blue Shield, McDermott Will & Emery, Panama National Authority for Government Innovation, Tata, University of Prishtina, Halliburton, Fayoum University, Conduent, Zendesk, King Saud University, Siemens, Cloudflare, Citrix, Oracle, Sasol,NOKIA, Cognizant, MongoDB, etc. 210
- 3. Cybersecurity Blockchain Group Global Distribution
- 4. Program Leads Review and Section Leads Q&A
- 5. Blockchain Networks • Blockchain Platform (90%) • Blockchain as a Service (90%) • SaaS with Blockchain (55%) Blockchain Types • Public Blockchain (70%) • Permissioned Blockchain (85%) Focus Areas Domains • Governance (95%) • Architecture (85%) • Transaction Layer (90%) • Operation Layer (80%) • Infrastructure (65%) • Highlight survey results. • Discuss next steps. • Agree on next catch-up time. Scope Statement: The Global Cybersecurity Blockchain Best Practices Group provides guiding principles to enable security integration during the adoption of Blockchain technologies. Agenda Items Top 3 Updates – Achievements, Highlights and Next Steps • 28 volunteers identified from our last call. • 20 responses were collected from 2nd survey. • Governance & Transaction Layer scored the highest (90%). Survey Highlights • Request for Comments – Document Outline. • Assign document section leaders/authors. • Create an Idea Lab Form to collect ideas. Next Steps Survey Results – Details – Results with at least 65% of respondents Governance Architecture & Infra. Layer Operation Layer Transactional Layer Risk Assessment 3rd Party Evaluation Platform Evaluation Technology Evaluation Encryption Elevated Admin Access Backup & Recovery Technology Mapping Data Immutability Pseudonymity Protection Automation Compliance Requirements Smart Contracts Crypto Exchange Servers & Databases Permission Network Industry Frameworks APIs & Technology Integration CSA Domains – In-scope • AIS (80%) • AAC (70%) • CCC (75%) • DSI (90%) • EKM (95%) • GRM (85%) • IAM (85%) • IVS (65%) • SEF (70%) • TVM (80%) Other areas to include • Market Industrial Sector • Global Regulation Coverage & its impact
- 6. Cybersecurity Best Practices for Blockchain Technology Execution Phase and Timeline Review
- 7. We have completed the Proposal & Approval phases. June 2020 - We are now in the Execution phase. Research is approved and our official working group is formed. Main activities are developing our plans, setting key milestones & dates, agreeing on research structure and beginning the writing process. Our goal is to complete this phase by November 30th, 2020.
- 8. Our main objective is to create a completed draft to be released for the CSA community for peer review. Our goal is for us to issue the completed draft by November 30th, 2020. This will allow us to begin the peer review process by January 2021.
- 9. May – June 2020 August – September 2020 June – August 2020 October – November 2020 • Complete scoping and document layout. • Assign content lead authors to each section. • Establish a communication plan, including Teams. • Collect working group comments for a period of 2- weeks. • Lead section authors to address comments with subject matter experts. • Finalize Version 0.5 for release. • Begin the writing process; lead authors to start research process. • Schedule monthly meeting and monitor progress. • Draft version 0.5 by August 3rd to be ready for working group release. • Begin the writing process of the version 1.0. • Draft version 1.0 for community release by October 30th. • Finalize Version 1.0 to be ready for peer review by November 30th . Execution Phase: Key Milestones Scoping Version 0.5 release Version 0.5 with comments Version 1.0 release Peer Review Phase Execute Phase
- 10. Global Cybersecurity Group Structure: Best Practices for Blockchain Technology Maëva Ghonda Group Leader Project Management ● Loredana Mancini* ● <PM Role 2> ● <PM Role 3> Governance, Risk Management, Compliance ● Nabeel Shamsi* ● Ashish Mehta* ● Roupe Sahans ● Vishnupriya P T Transaction Layer ● Gaurav Khanna* ● Urmila Nagvekar* ● Nnamdi Osuagwu ● <Crypto Exchange> Operational Layer ● Siddharth Durbha* ● Yash Mantha* ● <Incident Management> Architecture ● Frederic de Vaulx* ● Madhavsai Chowdary ● <Network Security> ● <Encryption> Case Studies ● Douglas Capellman* ● Loredana Mancini ● Salman Baset Advisory Board ● <Cybersecurity> ● <Privacy> ● <Legal> ● <Technology> Technical Editors ● <Editor 1> ● <Editor 2> ● <Editor 3> ● <Editor 4> ● <Editor 5> Program Leads * Section Leaders <> Open Roles ● Anjlica Malla ● Mostafa Elghazaly
- 11. Blockchain Cybersecurity Best Practices Case Study Research Design Dr. Doug Capellman, CISSP
- 12. Case study research approach ⚫ The case study will be used to examine a case, bounded in time and place, and will look for background material about the setting of the case. ⚫ Extensive material will be gathered from multiple sources of information in order to provide an in-depth picture of the case. ⚫ It will present an in-depth understanding of the case, will cover multiple sources, and then draw a single set of cross-case conclusions.
- 13. What the case study will accomplish This study will accomplish the following: ⚫ Explain the presumed contributing association in real-world interventions that are too complex for survey or experimental methods. ⚫ Describe an intervention and the real-world context in which it occurred. ⚫ Illustrate certain topics within an evaluation in a descriptive mode. ⚫ Explain situations in which the intervention being evaluated has no clear, single set of outcomes.”
- 14. Case study scope: ⚫ The case for this study is blockchain cybersecurity best practices. ⚫ This “case” was a bounded system (blockchain cybersecurity best practices), bounded by time (one month of data collection) and place (industry security requirements and blockchain use cases). ⚫
- 15. Case study intentions: ⚫ The intent is to report a single, instrumental case study. ⚫ Thus, we are interested in exploring the issue of blockchain cybersecurity best practices and using multiple cases from many industries to illustrate the security best practices and use cases.
- 16. Case study data collection: ⚫ We will use extensive information from multiple sources during the data collection process to provide a detailed in- depth understanding of blockchain cybersecurity best practices. ⚫ A table of data collection sources will be documented and will convince readers of the in-depth picture that we built.
- 17. Case study data analysis: ⚫ In the data analysis, we will describe the background/setting and establish the case for blockchain cybersecurity best requirements. ⚫ We will present several themes (data leakage, compliance risks, perimeter protection risks, etc.) which will help us to understand the case. ⚫ The themes will not be presented as an order of events because they are all important.
- 18. Case study claims and conclusions: ⚫ The case study analysis will present claims relating to industry security requirements and blockchain use cases. ⚫ The hope is to further ground the assertions in current literature that also addresses blockchain cybersecurity best practices. ⚫ From the literature review, the case study will explain and support the descriptive analyses.