What is blockchain:
Definitions of blockchain vary by source, but in essence, a blockchain is a continually expanding list of digital records of information in the form of "blocks" that are linked in a "chain" by using cryptography.
Breaking it down further, each block has a unique cryptographic signature (hash) and includes a timestamp and detailed transaction data. This data provides an unmodifiable audit trail of evidence that the transaction existed when the block was created (hashed). When a block reaches its storage limit, it is closed and then linked to the previously filled block. This forms the "chain", with each block containing data from the previous block. Nodes communicate on networks and validate each new block, and this verification is available in a digital distributed ledger.
Because of this cryptographic linking, blockchains are resistant to modification: the data in any block cannot be altered without altering every single block in the chain. This makes blockchain technology very desirable due to its cryptographic complexity, which is why Bitcoin and cryptocurrency are the first things to come to everyone's mind when discussing the topic. Bitcoin uses blockchain technology to maintain a secure record through decentralized digitized transactions, guaranteeing the integrity of the data. More recently, blockchain technology has famously (infamously) been used as the backbone for NFTs (non-fungible tokens), acting as a digital receipt for purely digital one-of-a-kind assets.
Types of blockchain:
Over the past few years, blockchain technology has evolved (and will continue to evolve) into different types. Common types include:
- Public – permissionless. Anyone on the internet can access the blockchain, create new blocks of data and validate blocks of data. Transactions are distributed to all nodes, and all nodes have equal access rights. Fully decentralized.
- Private – permissioned. Only selected and verified users are allowed to access the environment. A security administrator can restrict users' viewing rights. Nodes need not be equal, since the Security Admin can restrict access rights.
- Hybrid – the best of both worlds. Allows for specific permissions to be allocated to specific users, but certain transactions require oversight by the public blockchain.
Business use cases:
- Supply chain management – provide a secure platform for all parties and reduce errors.
- Financial transactions, data recording and trading – faster processing and reduced risk of error.
- Loans leveraging digital assets – using cryptocurrency as loan collateral.
How do I secure my blockchain environment?
Just like any other digitally maintained environment and/or application, good controls need to be in place to prevent internal and external bad actors from performing malicious actions. While blockchain itself is a secure technology, proper access management, change management and risk management (including monitoring) controls are needed for managing blockchain systems. Without proper controls, hackers could gain access to supporting systems and create business disruptions and data integrity concerns. To prevent this, take the following measures:
- Ensure that the Zero-Trust framework, smart contracts and cryptographic keys are properly configured.
- Ensure that highly privileged access is tightly restricted.
- Ensure that proper user access, logging, monitoring, alerting, and incident and breach response controls are in place.
- Ensure that your existing policies and procedures cover your use of blockchain.
- Ensure that staff are trained on blockchain and blockchain security best practices.
- Ensure that you're testing for positive and negative results prior to production rollout. Regularly perform regression testing to ensure continued operating effectiveness and to detect any vulnerabilities early and often.
- Ensure that penetration testing is repeated on a regular basis.
How do I make sure my blockchain environment is secure?
1. SOC report – have an independent external third party audit your environment.
Schneider Downs employs a unique approach to System and Organization Controls (SOC) reports, integrating IT expertise with internal audit and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we effectively deliver on our clients' needs and expectations for the SOC report – including our expert understanding of blockchain environments and controls. If you are interested in learning how we can help your organization, please contact us to get started or learn more about our practice at z20y.comzuo.com/soc.
About SOC 2 reports
In a SOC 2 report, the organization decides which categories to include in the scope of the SOC examination. This flexibility means each organization's report is unique, while also providing a consistent framework to evaluate whether organizations meet the criteria for the categories included in the examination. These examinations are designed for a broad range of users that need information and assurance about the controls at a service organization relevant to the security, availability and processing integrity of the systems the service organization uses to process users' data, and the confidentiality and privacy of the information processed by those systems. Use of this report is restricted. These reports can play an important role in an organization's oversight, vendor management programs, and internal corporate governance and risk management processes.
2. Cybersecurity Penetration Testing – have an independent external third party perform penetration testing.
About Schneider Downs Cybersecurity Services
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit z20y.comzuo.com/cybersecurity or contact our team at [email protected].
Emergency response – Digital Forensics and Incident Response team available 24/7
The Schneider Downs Digital Forensics and Incident Response teams are available 24/7/365 at 1-800-993-8937 if you suspect that you have been hacked or you are experiencing a network incident of any kind. Call 1-800-993-8937 immediately for intervention and diagnosis. Or, as a best practice, plan ahead or understand your options in case of a cybersecurity breach: Digital Forensics and Incident Response