Report offers security and risk management leaders and financial regulators ways to proactively prevent, detect, and respond to potential risks
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Corda Enterprise 4.8 – Architecture Security Report and an accompanying security controls checklist. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report examines the security of r3’s blockchain framework, Corda Enterprise 4.8 Permissioned Network, and offers ways to mitigate negative business impacts that could arise from such threats as improper business logic flow and insecure network implementation, among others.
“Our aim when drafting this paper was to bring security and risk management leaders new to Corda DLT implementations quickly up to speed with respect to associated organizational risks so that they, in turn, can better estimate operational costs while simultaneously balancing their security needs with business priorities”
“Our aim when drafting this paper was to bring security and risk management leaders new to Corda DLT implementations quickly up to speed with respect to associated organizational risks so that they, in turn, can better estimate operational costs while simultaneously balancing their security needs with business priorities,” said Bill Izzo, chair of the Blockchain/DLT Working Group.
Top iTechnology Security News: NetWitness and Datashield Collaboration Mitigates Impact of Log4j Java Security Vulnerability
The researchers, led by Urmila Nagvekar, one of the paper’s co-authors, sought ways to help security and risk management leaders, as well as regulators in the financial sector, proactively prevent, detect, and respond to potential risks by:
- identifying Corda’s architectural risks to cybersecurity attributes (privacy, confidentiality, integrity, availability) when implemented as a permissioned enterprise network for a trade finance business in a cloud-based environment
- delivering a fully implementable security controls checklist aligned with the NIST Cybersecurity Framework’s Controls.
Key takeaways from the report include an overview of how Corda 4.8 was used to depict a transaction within a trade finance workflow; the steps, method, and results of the Corda 4.8 risk identification process; and cryptography module recommendations for a Corda 4.8 permissioned network.
Top iTechnology AIOps News: Moviebook Gets Top Ranking on China’s Digital Commerce Content and Service Industry Chain
[To share your insights with us, please write to sghosh@martechseries.com]
