
Blockchain-based multi-organizational cyber risk management framework for collaborative environments

Regular Contribution, International Journal of Information Security

Abstract

As the damage caused by cyberattacks continues to grow, cyber risk management remains one of the most important proactive measures. Risk management aims to identify potential risks, evaluate their attributes, and implement countermeasures that reduce their impact. Both the cyber security industry and the research literature have established frameworks and platforms for cyber risk management. However, a risk management framework is still needed that provides a practical and secure service for multiple collaborating organizations. In this paper, we survey numerous risk management frameworks and platforms established for various sectors. We then investigate the security issues facing the established platforms. Building on that analysis, we propose a decentralized framework for cyber risk management that uses blockchain technology to serve multiple organizations, including governmental ones. Finally, we present a proof-of-concept implementation using Hyperledger Fabric.



Data Availability

Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.


Corresponding author

Correspondence to Habib El Amin.


Cite this article

El Amin, H., Oueidat, L., Chamoun, M. et al. Blockchain-based multi-organizational cyber risk management framework for collaborative environments. Int. J. Inf. Secur. 23, 1231–1249 (2024). https://doi.org/10.1007/s10207-023-00788-7
