Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls
- URL: http://arxiv.org/abs/2411.13447v1
- Date: Wed, 20 Nov 2024 16:42:14 GMT
- Title: Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls
- Authors: Deepti Gupta, Lavanya Elluri, Avi Jain, Shafika Showkat Moni, Omer Aslan,
- Abstract summary: This paper proposes a comprehensive secure framework for managing third-party vendor risk.
It integrates blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions.
- Score: 0.6990493129893112
- License:
- Abstract: In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls-such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture-this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture.
Related papers
- Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency.
Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Enhancing Enterprise Security with Zero Trust Architecture [0.0]
Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity.
ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default.
This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics.
arXiv Detail & Related papers (2024-10-23T21:53:16Z) - SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection [46.68279506084277]
This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive traceability and originality verification.
It provides an analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.
arXiv Detail & Related papers (2024-08-30T07:15:43Z) - Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats.
It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience.
The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
arXiv Detail & Related papers (2024-07-08T18:10:47Z) - Enhancing Data Integrity and Traceability in Industry Cyber Physical Systems (ICPS) through Blockchain Technology: A Comprehensive Approach [0.0]
This study explores the potential of blockchain in enhancing data integrity and traceability within Industry Cyber-Physical Systems (ICPS)
ICPS is pivotal in managing critical infrastructure like manufacturing, power grids, and transportation networks.
This research unearths various blockchain applications in ICPS, including supply chain management, quality control, contract management, and data sharing.
arXiv Detail & Related papers (2024-05-08T06:22:37Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - A Zero Trust Framework for Realization and Defense Against Generative AI
Attacks in Power Grid [62.91192307098067]
This paper proposes a novel zero trust framework for a power grid supply chain (PGSC)
It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats.
Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
arXiv Detail & Related papers (2024-03-11T02:47:21Z) - A Scalable Multi-Layered Blockchain Architecture for Enhanced EHR Sharing and Drug Supply Chain Management [3.149883354098941]
This paper presents a scalable, multi-layered blockchain architecture for secure Electronic Health Record sharing and drug supply chain management.
The proposed framework introduces five distinct layers that enhance system performance, security, and patient-centric access control.
Our solution ensures data integrity, privacy, and interoperability, making it compatible with existing healthcare systems.
arXiv Detail & Related papers (2024-02-27T09:20:16Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - An Empirical Analysis of Implementing Enterprise Blockchain Protocols in
Supply Chain Anti-Counterfeiting and Traceability [0.0]
A Decentralized Anti-Counterfeiting System (dNAS) was developed to strengthen capability of product anti-counterfeiting and traceability in supply chain industry.
An empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities.
arXiv Detail & Related papers (2021-02-04T13:31:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.