A Blockchain-Based Risk and Information System Control Framework

Ma, Shenglan; Wang, Hao; Dai, Hong-Ning; Cheng, Shuhan; Yi, Ruihua; Wang, Tongsen

Ma, Shenglan; Wang, Hao; Dai, Hong-Ning; Cheng, Shuhan; Yi, Ruihua; Wang, Tongsen

Chapter, Conference object

Accepted version

View/Open

Wang (760.7Kb)

URI

http://hdl.handle.net/11250/2594709

Date

2018

Metadata

Show full item record

Collections

Institutt for IKT og realfag [267]
Publikasjoner fra CRIStin - NTNU [22160]

Original version

2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech) 10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00031

Abstract

Risk and Information System Control Framework in business includes the methods and processes to manage risks and seize opportunities which involve identifying particular risk events relevant to the objectives, assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. In order to provide better support for the backtracking, traceability, irreversibility, and credible requirements of risk registration table data in the framework, this paper proposes a blockchain-based risk and information system control framework. A risk association tree is designed for combining summarized risk item ledgers with risk assessment ledgers and risk response ledgers based on the Merkle Tree. Three proposed smart contracts are used in risk identification, risk assessment, risk response and mitigation, and risk and control monitoring and reporting processes. We implement a prototype for this framework.

Publisher

IEEE