http://dx.doi.org/10.3745/KTCCS.2022.11.8.249

Improvement of ISMS Certification Components for Virtual Asset Services: Focusing on CCSS Certification Comparison  

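Kim, Eun Ji (Department of Information Security, Sungkyunkwan University)
Koo, Ja Hwan (College of Software Convergence, Sungkyunkwan University)
Kim, Ung Mo (College of Software Convergence, Sungkyunkwan University)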
Publication Information
KIPS Transactions on Computer and Communication Systems / v.11, no.8, 2022, pp. 249-258
Abstract
Since the advent of Bitcoin, various virtual assets have been actively traded through the virtual asset services of virtual asset exchanges. Because security incidents have recently occurred frequently at virtual asset exchanges, the government has made it mandatory for the exchanges to obtain information security management system (ISMS) certification in order to strengthen their information protection, and 56 additional specialized items have been established. In this paper, we compare the domain importance of ISMS and the CryptoCurrency Security Standard (CCSS), a set of requirements for all information systems that make use of cryptocurrencies, and analyze the results after mapping them to gain insight into the characteristics of each certification system. Improvement items were prioritized in 3 stages (High, Medium, and Low), and improvements were derived for the 4 High-level items. These results can provide priorities for virtual asset and information system security, support methodical and systematic decision-making on the improvement of certification items, and contribute to the vitalization of virtual asset transactions by enhancing the reliability and safety of virtual asset services.
Keywords
Virtual Asset; Virtual Asset Exchange; Virtual Asset Service; ISMS; CCSS;
Citations & Related Records
Times Cited By KSCI: 3