Topic - Methods and Techniques of Blockchain Security for IT Auditors
As companies consider how blockchain technology fits into their overall tech stack, the common belief is that blockchain will become the next frontier for managing data. This alone drives interest in blockchain and encourages many seasoned technologists and IT auditors to begin a quest towards adding blockchain to their repertoire.
This presentation attempts to address the most popular question posed to me at various conferences and seminars, which is ‘how can IT auditors best position themselves to capitalize on this emerging and profound blockchain technology?’
The presentation will commence with a high-level introduction to the various blockchain platforms and how the key pieces of a blockchain network, such as nodes, decentralized apps, smart contracts, and wallets, all fit together. Next, we will review the different attacks impacting these components and how best to mitigate them. Finally, we will transition into the auditing methods and techniques applicable to the review of nodes and smart contracts that IT auditors need to know to ensure a thorough and complete audit engagement.
The presentation will attempt to balance technical and managerial detail and depth, with code highlights derived from the presenter’s own experience reviewing smart contracts and blockchain implementations. While some experience with basic programming may be helpful, it is not necessary to understand the presentation.
In summary, the presentation will provide indispensable insights for IT auditors to understand the demand, the skill sets required, and how to upskill themselves to seize the opportunities of the emerging blockchain technology.
Presenter: Tuan Phan, Partner, Zero Friction
Tuan Phan is a partner with Zero Friction LLC with strong expertise in the implementation and management of emerging technologies, information assurance programs, technical projects and operations, and risk management across several industries including government, software, specialty product, drug and medical device manufacturing. His deep expertise spans several decades across industries and domains. Tuan has consulted with state and Federal agencies including Oregon Public Employees Retirement System, Centers for Disease Control and Prevention, National Credit Union Administration, and Federal Retirement Thrift Investment Board on information security and assurance.
Tuan was formerly the founder and the practice leader for blockchain technology at Caplock Security LLC, where he led the development of several proofs of concept using Hyperledger Fabric and Ethereum private blockchains, advised clients on the security implementation of smart contracts and blockchain infrastructure, and implemented the CMMC Assessment Report Tool (https://www.caplocksecurity.com/toolkits).
Tuan is an active member of ISACA, ISC2 and PMI, where he has shared his experience on numerous topics in cybersecurity, blockchain security, smart contract auditing, IT governance, and regulatory compliance at several industry conferences and seminars. Tuan is a member of the ISACA Emerging Technologies Group and the ISACA Blockchain Framework Working Group, where he authored the Blockchain Generic Reference Architecture and the Security and Privacy Considerations of the recently released ISACA Blockchain Framework and Guidance (https://www.isaca.org/bookstore/bookstore-misc-digital/wbfg).
Tuan has also authored several articles on blockchain and regulatory compliance topics for industry magazines and journals, served as an SME reviewer for the ISACA Blockchain Audit Program, and taught seminars on blockchain security.