Abstract
As the damage caused by cyberattacks keeps growing, cyber risk management remains one of the most important proactive measures. Risk management aims to identify potential risks, evaluate their attributes, and implement countermeasures to reduce their impact. The cyber security industry and the research literature have established frameworks and platforms for cyber risk management. However, a framework is still needed that provides a practical and secure risk management service to multiple collaborating organizations. In this paper, we survey numerous risk management frameworks and platforms established for various sectors. We then investigate the security issues facing the established platforms. After that, we propose a decentralized framework for cyber risk management based on blockchain technology, designed to serve multiple organizations, including governmental ones. In addition, we present a proof-of-concept implementation using Hyperledger Fabric.
Data Availability
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.
Cite this article
El Amin, H., Oueidat, L., Chamoun, M. et al. Blockchain-based multi-organizational cyber risk management framework for collaborative environments. Int. J. Inf. Secur. 23, 1231–1249 (2024). https://doi.org/10.1007/s10207-023-00788-7