Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls

• URL: http://arxiv.org/abs/2411.13447v1
• Date: Wed, 20 Nov 2024 16:42:14 GMT
• Title: Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls
• Authors: Deepti Gupta, Lavanya Elluri, Avi Jain, Shafika Showkat Moni, Omer Aslan,
• Abstract summary: This paper proposes a comprehensive secure framework for managing third-party vendor risk. It integrates blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions.
• Score: 0.6990493129893112
• License:
• Abstract: In an era of heightened digital interconnectedness, businesses increasingly rely on third-party vendors to enhance their operational capabilities. However, this growing dependency introduces significant security risks, making it crucial to develop a robust framework to mitigate potential vulnerabilities. This paper proposes a comprehensive secure framework for managing third-party vendor risk, integrating blockchain technology to ensure transparency, traceability, and immutability in vendor assessments and interactions. By leveraging blockchain, the framework enhances the integrity of vendor security audits, ensuring that vendor assessments remain up-to-date and tamperproof. This proposed framework leverages smart contracts to reduce human error while ensuring real-time monitoring of compliance and security controls. By evaluating critical security controls-such as data encryption, access control mechanisms, multi-factor authentication, and zero-trust architecture-this approach strengthens an organization's defense against emerging cyber threats. Additionally, continuous monitoring enabled by blockchain ensures the immutability and transparency of vendor compliance processes. In this paper, a case study on iHealth's transition to AWS Cloud demonstrates the practical implementation of the framework, showing a significant reduction in vulnerabilities and marked improvement in incident response times. Through the adoption of this blockchain-enabled approach, organizations can mitigate vendor risks, streamline compliance, and enhance their overall security posture.

Related papers

• Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
  arXiv  Detail & Related papers  (2024-11-21T18:26:05Z)
• Enhancing Enterprise Security with Zero Trust Architecture [0.0]
  Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics.
  arXiv  Detail & Related papers  (2024-10-23T21:53:16Z)
• SPOQchain: Platform for Secure, Scalable, and Privacy-Preserving Supply Chain Tracing and Counterfeit Protection [46.68279506084277]
  This work proposes SPOQchain, a novel blockchain-based platform that provides comprehensive traceability and originality verification. It provides an analysis of privacy and security aspects, demonstrating the need and qualification of SPOQchain for the future of supply chain tracing.
  arXiv  Detail & Related papers  (2024-08-30T07:15:43Z)
• Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
  This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience. The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
  arXiv  Detail & Related papers  (2024-07-08T18:10:47Z)
• Enhancing Data Integrity and Traceability in Industry Cyber Physical Systems (ICPS) through Blockchain Technology: A Comprehensive Approach [0.0]
  This study explores the potential of blockchain in enhancing data integrity and traceability within Industry Cyber-Physical Systems (ICPS) ICPS is pivotal in managing critical infrastructure like manufacturing, power grids, and transportation networks. This research unearths various blockchain applications in ICPS, including supply chain management, quality control, contract management, and data sharing.
  arXiv  Detail & Related papers  (2024-05-08T06:22:37Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• A Zero Trust Framework for Realization and Defense Against Generative AI Attacks in Power Grid [62.91192307098067]
  This paper proposes a novel zero trust framework for a power grid supply chain (PGSC) It facilitates early detection of potential GenAI-driven attack vectors, assessment of tail risk-based stability measures, and mitigation of such threats. Experimental results show that the proposed zero trust framework achieves an accuracy of 95.7% on attack vector generation, a risk measure of 9.61% for a 95% stable PGSC, and a 99% confidence in defense against GenAI-driven attack.
  arXiv  Detail & Related papers  (2024-03-11T02:47:21Z)
• A Scalable Multi-Layered Blockchain Architecture for Enhanced EHR Sharing and Drug Supply Chain Management [3.149883354098941]
  This article presents an innovative Electronic Health Records (EHR) sharing and drug supply chain management framework. The framework introduces five layers and transactions, prioritizing patient-centric healthcare by granting patients comprehensive access control over their health information. It provides transparency and real-time drug supply monitoring, empowering decision-makers with actionable insights.
  arXiv  Detail & Related papers  (2024-02-27T09:20:16Z)
• TrustAgent: Towards Safe and Trustworthy LLM-based Agents [50.33549510615024]
  This paper presents an Agent-Constitution-based agent framework, TrustAgent, with a focus on improving the LLM-based agent safety. The proposed framework ensures strict adherence to the Agent Constitution through three strategic components: pre-planning strategy which injects safety knowledge to the model before plan generation, in-planning strategy which enhances safety during plan generation, and post-planning strategy which ensures safety by post-planning inspection.
  arXiv  Detail & Related papers  (2024-02-02T17:26:23Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• An Empirical Analysis of Implementing Enterprise Blockchain Protocols in Supply Chain Anti-Counterfeiting and Traceability [0.0]
  A Decentralized Anti-Counterfeiting System (dNAS) was developed to strengthen capability of product anti-counterfeiting and traceability in supply chain industry. An empirical analysis performed against decentralized solutions, including dNAS, summarizes the effectiveness, limitations and future opportunities.
  arXiv  Detail & Related papers  (2021-02-04T13:31:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.