• Cryptocurrency Security Compliance


    https://www.redteamsecure.com/compliance/cryptocurrency-security/

    The CryptoCurrency Security Standard (CCSS) is a set of requirements designed to govern all information systems that store, accept or transact with cryptocurrencies like Bitcoin and Ethereum.

    Cryptocurrency-Security-Compliance

    CCSS is created collaboratively by a group of developers, researchers and security experts with the goal of giving users a safe and secure means of handling cryptocurrencies, including Bitcoin, Ethereum, Litecoin, and many others. It is not meant to be a standalone governing document; rather, it should be used in tandem with existing best practices for information security, like ISO 27001.

    CCSS addresses 10 key aspects of cryptocurrency security, including hardware and software, personnel, policies and procedures, and more. These 10 areas are used as a scoring system, with the culminating total determining an organization’s overall level of security on a scale of one to three. Level I is the lowest level and offers strong security measures, while Level III is the highest and offers the most comprehensive measure of security.

    Cryptocurrency Security Levels

    Cryptocurrency security levels are assigned based on 10 security aspects:

    • Key/Seed Generation
    • Wallet Creation
    • Key Storage
    • Key Usage
    • Key Compromise Policy
    • Keyholder Grant/Revoke Policies and Procedures
    • Third-Party Security Audits/Pentests
    • Data Sanitization Policy
    • Proof of Reserve
    • Audit Logs

    These security levels are assigned based on the lowest common rating among all categories. So, for example, if a Level I organization meets some, but not all Level II criteria, it will retain a Level I rating until all Level II criteria are met.

    The security levels are described by the CCSS Steering Committee as follows:

    Security Level I

    An organization or system that has achieved Level 1 security protects its information assets with strong levels of security and has proven so by audit. Using industry-standard controls, most risks to the system’s information assets have been addressed. Although this is the lowest cryptocurrency security rating, it still represents a strong level of security.

    Security Level 2

    A Level II system uses additional enhanced controls to exceed strong levels of security. Level 2 organizations make use of decentralized security technologies like multiple signatures, which provide redundancy if any one key or person is compromised.

    Security Level 3

    An information system demonstrating Level III cryptocurrency security has implemented formal policies and procedures that are enforced at every step within their business processes to exceed enhanced levels of security. Multiple actors are required for all critical actions, data authenticity is protected by advanced authentication mechanisms, and assets are distributed geographically and organizationally in such a way to mitigate the chance of compromise to the highest degree possible.

    Cryptocurrency-standards-Chart

    Cryptocurrency Penetration Testing

    Among the other requirements outlined above, all information systems wishing to achieve Level I CCSS compliance must make use of regular third-party security auditing and penetration testing.

    Our Cryptocurrency penetration testing, including Bitcoin penetration testing, Ethereum penetration testing and more, assesses the security of cryptocurrency exchanges and platforms and identifies vulnerabilities that may pose a risk to the assets and security of users on those platforms. The goal is to uncover security flaws and risks so they can be mitigated before a bad actor is able to take advantage of them for improper or malicious purposes.

    In general, cryptocurrency organizations should maintain a documented cybersecurity policy and conduct third-party penetration testing annually.

    Get A Customized Cryptocurrency Penetration Testing Proposal

    Cryptocurrency Physical Security Testing

    While most cryptocurrency transactions take place virtually, bad actors are ever-determined, and the frequency of physical cryptocurrency attacks is on the rise. From brazen armed attacks to stealth, covert burglaries, malicious actors are increasingly taking their efforts offline to misappropriate Bitcoin and other high-value virtual currencies.

    Physical cryptocurrency penetration testing can assess your readiness for such an attack. RedTeam Security can help you take your cryptocurrency penetration test from the digital realm to the real world, uncovering vulnerabilities not just within your networks and devices but in your facilities, access control mechanisms, and other physical assets.

    Learn About Cryptocurrency Physical Security Testing

    Cryptocurrency Social Engineering

    The highly technical world of cryptocurrency isn’t immune to classical social engineering techniques like phishing and spoofing. In fact, criminals are putting new and creative spins on traditional social engineering scenarios to attack from every angle, from ICOs (initial coin offerings) to fraudulent coin wallets and more.

    Social engineering testing for cryptocurrency can uncover vulnerabilities of the human variety—places where individuals may put the integrity of the currency at risk.

    Learn About Cryptocurrency Social Engineering Testing

    Featured On

    National TV news and media outlets often consult with us for our expertise as a
    boutique, high-touch ethical hacking firm highly trained in a narrow field of cyber
    security. Please click on any logo below to view the featured story.

  • 相关阅读:
    深度学习笔记(21)- 深度看图
    Mysql数据库主键,外键,索引概述
    软件架构的演进:单体、垂直、SOA、微服务
    2018年阿里巴巴关于Java重要开源项目汇总
    全面了解HTTP和HTTPS
    创业互联网公司如何搭建自己的技术架构
    Dubbo与Spring Cloud的比较
    Java工程师技能点梳理
    使用SpringCloud将单体迁移至微服务
    Springmvc与Struts区别?
  • 原文地址:https://www.cnblogs.com/dhcn/p/13223994.html
Copyright © 2020-2023  润新知