
Cybersecurity aspects of blockchain and cryptocurrency

Slides from Tony Martin-Vegue's presentation at PRMIA 2018 Risk Management and Regulatory Compliance Round Table in San Francisco, CA | April 11, 2018

"Cybersecurity Aspects of Blockchain and Cryptocurrency"

Abstract:
Many companies are considering blockchain technologies to make transactions faster, more secure and more cost-effective. If you are performing risk analysis on these emerging technologies, you may be asking yourself: how do I even start to analyze risk when there are so many unknowns? A successful analysis requires a paradigm shift in thinking in two areas: casting aside the defense-in-depth metaphor to describe security controls; and how we assess and analyze the risk of new and emerging technologies that have a high degree of uncertainty.

This talk will cover how to reframe your assessments for emerging technologies, such as blockchain, and how risk quantification methodologies such as Factor Analysis of Information Risk (FAIR) can help answer some of these questions and produce a credible risk assessment.

Published in: Economy & Finance
Cybersecurity aspects of blockchain and cryptocurrency

  1. Cybersecurity Aspects of Blockchain and Cryptocurrency
  2. About Me: Tony Martin-Vegue @tdmv
     • 20 years in Technology; last 10 in Cyber Risk
     • FAIR practitioner for about 7 years now
     • Reside in the Bay Area
  3. Book chapter… “Cyber Risk Quantification of Financial Technology”
  4. Paradigms, Emerging Risks
  5. From the “Today Show,” 1994: “What is Internet, Anyway?”
  6. Paradigm Shifts
  7. Traditional Defense-In-Depth: Users, Databases, Resources
  8. New Normal: Users, Databases, Resources
  9. There is no cloud. Just someone else’s computer
  10. …blockchain is just someone else’s database.
  11. Traditional Defense-In-Depth vs. Beyond the Hard Perimeter
     Traditional Defense-In-Depth:
     • Clear perimeter
     • Policy enforcement points
     • Company-controlled hardware, software, data
     • Access-control based trust models
     • Compliance: easy to define
     Beyond the Hard Perimeter:
     • Fuzzy or no perimeter
     • Enforcement points: not applicable
     • “Ownership” is decentralized
     • Zero-trust
     • Still figuring compliance out
  12. Emerging Risks
  13. The Strange Case of Mt. Gox (or, how forgetting the fundamentals can really hurt)
  14. “The One Patch Most Needed in Cybersecurity”
