Cybersecurity aspects of blockchain and cryptocurrency

Slides from Tony Martin-Vegue's presentation at PRMIA 2018 Risk Management and Regulatory Compliance Round Table in San Francisco, CA | April 11, 2018

"Cybersecurity Aspects of Blockchain and Cryptocurrency"

Abstract:
Many companies are considering blockchain technologies to make transactions faster, more secure and cost effective. If you are performing risk analysis on these emerging technologies, you may be asking yourself: how do I even start to analyze risk when there are so many unknowns? A successful analysis requires a paradigm shift in thinking in two areas: casting aside the defense-in-depth metaphor to describe security controls, and how we assess and analyze risk of new and emerging technologies that have a high degree of uncertainty.

This talk will cover how to reframe your assessments for emerging technologies, such as blockchain, and how risk quantification methodologies such as Factor Analysis of Information Risk (FAIR) can help answer some of these questions and produce a credible risk assessment.

Published in: Economy & Finance

  1. Cybersecurity Aspects of Blockchain and Cryptocurrency
  2. About Me: Tony Martin-Vegue (@tdmv)
     • 20 years in Technology; last 10 in Cyber Risk
     • FAIR practitioner for about 7 years now
     • Reside in the Bay Area
  3. Book chapter… “Cyber Risk Quantification of Financial Technology”
  4. Paradigms / Emerging Risks
  5. From the “Today Show,” 1994: “What is Internet, Anyway?”
  6. Paradigm Shifts
  7. Traditional Defense-In-Depth: Users, Databases, Resources
  8. New Normal: Users, Databases, Resources
  9. There is no cloud. Just someone else’s computer
  10. …blockchain is just someone else’s database.
  11. Traditional Defense-In-Depth vs. Beyond the Hard Perimeter
     Traditional Defense-In-Depth:
     • Clear perimeter
     • Policy enforcement points
     • Company-controlled hardware, software, data
     • Access-control based trust models
     • Compliance: easy to define
     Beyond the Hard Perimeter:
     • Fuzzy or no perimeter
     • Enforcement points: not applicable
     • “Ownership” is decentralized
     • Zero-trust
     • Still figuring compliance out
  12. Emerging Risks
  13. The Strange Case of Mt. Gox (or, how forgetting the fundamentals can really hurt)
  14. “The One Patch Most Needed in Cybersecurity”
