Information Sharing Infrastructures and Tools

The exchange of information regarding cyber as well as physical security is crucial in all types of organizational ecosystems. The ecosystem of financial organizations is no exception. Thus, the FINSEC project proposed the design and implementation of a mechanism that enables the exchange of information between organizations of the financial ecosystem. This mechanism is known as the collaboration service.

The Collaboration Service is a High-Level service that interacts with other services in the Service Tier of the FINSEC Reference Architecture. It facilitates the exchange of information regarding physical and cybersecurity incidents through a private Ethereum network. An organisation must have an Ethereum node to use the collaboration service, since this allows the organisation to be a member of the private Ethereum network.

A blockchain provides data immutability and consequently integrity. This is important for financial institutions since they use these data to make informed decisions related to physical and cyber security. Additionally, the blockchain provides constant data availability, since every node of the blockchain network stores a copy of these data. Another benefit of permissioned blockchains is the fact that only nodes that are members of the permissioned network can write and read data on it. This property provides the confidentiality of data, which in our case are very sensitive. Thus, blockchain is one easy and robust way to achieve the Confidentiality, Integrity and Availability (CIA) triad.

To determine the functional correctness and test the performance of the collaboration service implementation two scenarios were devised. The first scenario simulated the message exchange between two organizations. The second scenario focused on notifying the members of the collaboration service regarding the posting of a new message on a message feed.

25 views0 comments

Recent Posts

See All

Vulnerability Assessment and Pen-Testing Service

A vulnerably scanner is an automatic tool capable of actively detecting vulnerabilities in a target infrastructure, simulating the role of an attacker. Usually this kind of activity is called penetrat