Abstract
Information security audits are essential for the assessment of enterprise cyber security maturity levels, both from a technical and organizational perspective. A common way of conducting such an assessment is to carry out a security audit based on the international security standard ISO 27001. However, modern organizations often have complex or even global supply chains, which are hard to secure. Verification of sufficient security levels across organizations is a non-trivial task and requires trust between all entities. This paper explores the feasibility of a blockchain-based distributed information security audit, highlights the encountered challenges, and contributes to the discussion of distributed security audits.
Acknowledgements
The work presented in this paper was done at the Josef Ressel Center for Blockchain Technologies and Security Management, St. Pölten University of Applied Sciences, Austria. The financial support by the Christian Doppler Research Association, the Austrian Federal Ministry for Digital and Economic Affairs, and the National Foundation for Research, Technology and Development is gratefully acknowledged. Furthermore, parts of this work were funded by the COIN project “Secure Supply Chains for Critical Systems” (SSCCS, FFG-Nr. 883977) by the Austrian Research Promotion Agency (FFG).
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
König, L., Pirker, M., Geyer, H., Feldmann, M., Tjoa, S., Kieseberg, P. (2023). DISA - A Blockchain-Based Distributed Information Security Audit. In: Delir Haghighi, P., et al. Information Integration and Web Intelligence. iiWAS 2023. Lecture Notes in Computer Science, vol 14416. Springer, Cham. https://doi.org/10.1007/978-3-031-48316-5_4
DOI: https://doi.org/10.1007/978-3-031-48316-5_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-48315-8
Online ISBN: 978-3-031-48316-5
eBook Packages: Computer Science, Computer Science (R0)