Establishing a security control framework for blockchain technology

Research output: Contribution to journal › Article › peer-review

Abstract

Aim/Purpose: The aim of this paper is to propose a new information security controls framework for blockchain technology, which is currently absent from the National and International Information Security Standards.

Background: Blockchain technology is a secure and relatively new technology of distributed digital ledgers, which is based on inter-linked blocks of transactions, providing great benefits such as decentralization, transparency, immutability, and automation. There is a rapid growth in the adoption of blockchain technology in different solutions and applications and within different industries throughout the world, such as finance, supply chain, digital identity, energy, healthcare, real estate, and the government sector.

Methodology: Risk assessment and treatments were performed on five blockchain use cases to determine their associated risks with respect to security controls.

Contribution: The significance of the proposed security controls is manifested in complementing the frameworks that were already established by the International and National Information Security Standards in order to keep pace with the emerging blockchain technology and prevent/reduce its associated information security risks.

Findings: The analysis results showed that the proposed security controls herein can mitigate relevant information security risks in blockchain-based solutions and applications and, consequently, protect information and assets from unauthorized disclosure, modification, and destruction.

Recommendations for Practitioners: The performed risk assessment on the blockchain use cases herein demonstrates that blockchain can involve security risks that require the establishment of certain measures in order to avoid them. As such, practitioners should not blindly assume that through the use of blockchain all security threats are mitigated.

Recommendations for Researchers: The results from our study show that some security risks not covered by existing Standards can be mitigated and reduced when applying our proposed security controls. In addition, researchers should further justify the need for such additional controls and encourage the standardization bodies to incorporate them in their future editions.

Impact on Society: Similar to any other emerging technology, blockchain has several drawbacks that, in turn, could have negative impacts on society (e.g., individuals, entities and/or countries). This is mainly due to the lack of solid national and international standards for managing and mitigating risks associated with such technology.

Future Research: The majority of the blockchain use cases in this study are publicly published papers. Therefore, one limitation of this study is the lack of technical details about these respective solutions, resulting in the inability to perform a comprehensive risk identification properly. Hence, this area will be expanded upon in our future work. In addition, covering other standardization bodies in the area of distributed ledger in blockchain technology would also prove fruitful, along with respective future design of relevant security architectures.

Original language: English
Pages (from-to): 307-330
Number of pages: 24
Journal: Interdisciplinary Journal of Information, Knowledge, and Management
Volume: 16
Publication status: Published - 2021

Keywords

  • Blockchain technology
  • Information security
  • Security controls
  • Security governance
  • Standards

ASJC Scopus subject areas

  • Computer Science(all)
  • Information Systems and Management
