F6. Auditing Blockchain Systems with the CCSS (Part II of II)
Audit & Risk Management
Thursday, June 6, 2019
11:15 AM - 12:15 PM
Part II of Blockchains for Auditors (Professionals interested in this session, but who are unfamiliar with the basics of blockchain technology, should consider attending the sister session “Understanding Blockchain for Auditors” to learn the fundamentals needed to follow along) With millions stolen or lost each year, and billions over the lifetime of the technology, blockchain based assets have proven trouble-some to secure. This talk will explore the process of assessing an information system that contains digital assets such as cryptocurrencies, utility tokens, and other cryptographically represented securities. Using the Crypto Currency Security Standard (CCSS) as the industry-recognized measurement for a securing cryptographically-secured digital assets, we will delve into the different domains of the standard and cover how compliance of each aspect can be determined and ranked. This process will be beneficial for internal assessments and external auditors alike.
After completing this session, the learner will: - Understanding the application of addresses and wallets to business operations - Assessing cryptographic key creation methodologies - Evaluating key handling & management operations - Validating breach and disaster recovery processes - Familiarity with the CCSS and its core concepts
Dirk Anderson is passionate about information security and privacy has advised organizations of all sizes on how to reduce the risks associated with doing business in an online world. He is currently the Director of Cyber Risk Management and Compliance at the blockchain backed loan provider, SALT Lending. Joshua McDougall is a Director with Kroll’s Cyber Risk practice based in Denver, CO. He specializes in blockchain technology, investigations involving complex data systems, and the eDiscovery lifecycle. He is co-author of the CryptoCurrency Security Standard (CCSS).