Risk matrix breaks down problem areas of blockchain technology | Article

A brand new threat matrix, “Blockchain Risk: Considerations for Professionals,” goals to explain and contextualize a number of particular dangers related to the implementation and operation of blockchain. It was developed collectively by a working group comprised of the ISACA, the American Institute of Licensed Public Accountants (AICPA), and the Chartered Institute of Administration Accountants (CIMA).

The matrix is organized beneath 5 threat domains—governance, infrastructure, knowledge, key administration, and good contracts—and their related subdomains.

“Many enterprises are desirous to harness the ability of blockchain to rework their companies or operations,” mentioned Dustin Brewer, ISACA senior director, rising know-how and innovation, in a press release. “Whereas there are nice advantages to utilizing blockchain, practitioners ought to guarantee they absolutely perceive all varieties of threat to keep away from doubtlessly exposing their enterprise to vulnerabilities, assault vectors or different points earlier than implementing—and even retroactively, if wanted.”

Under is a quick description of every area threat, as described in higher element within the threat matrix:

Governance “encompasses blockchain design, together with particular parameters, protocols or algorithms, and regulatory and administration oversight pointers or necessities,” in response to the chance matrix. An instance can be insurance policies and procedures that “embrace regulatory and administration oversight pointers or necessities of the blockchain.”

Infrastructure is “any blockchain performance or functionality impartial of a knowledge transaction on the blockchain.” Software program vulnerabilities are one instance.

Information is outlined as “off-chain data that’s saved or transmitted in a computer-legible format and used to transact or work together on a blockchain community, or on-chain knowledge which can be sourced from a blockchain community and handled as a supply of fact for a enterprise function.” The chance matrix describes seven subcategories of this area, together with knowledge integrity, entry rights, blockchain bloat, nonstandard transactions, knowledge output, out-of-range-data, and orphan addresses.

Key administration describes the “administration of private and non-private keys” and comprises 19 totally different examples of dangers posed by keys.

Good contracts are “blockchain networks and different distributed-ledger know-how that run digital machines and decentralized code, and permit for programmatic worth switch and recording of state and different transaction knowledge.” The chance matrix describes 4 subdomains beneath this class: governance threat, design threat, exterior interplay threat, and manipulation/denial of service threat.

“Selections to implement blockchain know-how needs to be made solely after rigorously assessing the chance,” the joint working group said. “If blockchain has already been carried out, enterprises ought to carry out retrospective critiques to establish threat associated to governance, infrastructure, knowledge, key administration, and good contracts, as relevant, and floor any management gaps which will jeopardize enterprise targets.”