Blockchain and deep learning

9/3/20199/3/2019 44
Dr. Katalin Szenes CISA, CISM, CGEIT, CISSP
Bence Tureczki
OE-NIK
Blockchain basics, applicationsBlockchain basics, applications
(Egy blokkláncot használó módszer a megbízhatóság támogatására)(Egy blokkláncot használó módszer a megbízhatóság támogatására)
Katalin Szenes, Bence TureczkiKatalin Szenes, Bence Tureczki

9/3/20199/3/2019 44
part 1 - authors’ comments

9/3/20199/3/2019 44
“The followings represent my personal opinion on / interpretation of the subject
Some results of my research are also included, of course, in a marked way
Neither ISACA nor ITGI, NIST, nor the other professional organizations quoted here are liable for the
followings or would be bound any way by its contents
A következők saját személyes véleményemet és értelmezésemet tükrözik
Néhány kutatási eredményem is szerepel itt, természetesen jelölve
Sem az ISACA, sem az ITGI, NIST, sem a többi, itt idézett szakmai szervezet nem felelős az itt
következőkért, amely számukra semmilyen kötelmet nem jelent
My English formulation doesn't always follows the original either
Angol fogalmazásom sem mindig egyezik az eredetivel”
- Katalin Szenes
disclaimerdisclaimer

9/3/20199/3/2019 44
“The followings represent my personal opinion on / interpretation of the subject
Some results of my research are also included, of course, in a marked way
Neither ISACA nor ITGI, NIST, nor the other professional organizations quoted here are liable for the
followings or would be bound any way by its contents
A következők saját személyes véleményemet és értelmezésemet tükrözik
Néhány kutatási eredményem is szerepel itt, természetesen jelölve
Sem az ISACA, sem az ITGI, NIST, sem a többi, itt idézett szakmai szervezet nem felelős az itt
következőkért, amely számukra semmilyen kötelmet nem jelent
My English formulation doesn't always follows the original either
Angol fogalmazásom sem mindig egyezik az eredetivel”
- Bence Tureczki
disclaimerdisclaimer

9/3/20199/3/2019 44
 the goals of this presentation are to explain:
 some reasons why blockchain might interest a company
 some possible, useful connections of blockchain and artificial intelligence
 for some of the possible blockchain - AI connections
describe some possible results
in order to serve the reliability (operational excellence criteria)
to give information
 sources and tools for people who would like to learn / work with
blockchain and / or artificial intelligence
the goals of the presentationthe goals of the presentation

9/3/20199/3/2019 44
 the information discussed in this presentation is valid considering the majority of public
blockchain implementations
 for example: Bitcoin, Ethereum, Litecoin...etc.
 but might not be true in certain other implementations
 for example: Telegram’s TON, blockchains using the so-called functionality-preserving
local erasure solution...etc.
the goals of the presentationthe goals of the presentation

9/3/20199/3/2019 44
 cryptocurrencies are, for example:
 Bitcoin (BTC)
 Ethereum (ETH)
 EOSIO (EOS)
 cryptocurrency networks nowadays,
in most cases, are implemented using blockchain databases
why arewhy are cryptocurrenciescryptocurrencies interesting nowadays?interesting nowadays?

9/3/20199/3/2019 44
 cryptocurrencies are important because:
 they can be anonymous payment options
 there are products, that can be purchased only for cryptocurrency
 they are fashionable
dealing with cryptocurrencies can be a business advantage
in some of the ransomware threats
 ...etc.
 some of the biggest corporations in the world have cryptocurrency-related developments
already (Microsoft[microsoft], Google[google], IBM[ibm], Facebook[facebook]...etc.)

9/3/20199/3/2019 44
 banks:
 the customer is known
 the balance is secret
 crypto:
 the customer is "represented by" a private key
 everybody can see the balance
 this transparency is believed to ensure the existence of this property
 acceptance of the data validity: depends on the given user's taste
 EU: hesitation and disturbance
 to rule, or not to rule - that is the question
 plans to regulate, because of anonymity --> money laundering, terrorists, etc
 EU-wide blockchain?
 a reliable, transparent and EU law compliant "data and transactional
environment."[blockchain]

9/3/20199/3/2019 44
 USA: SEC against, while NYSE for
 Public Statement of the SEC Chairman, Jay Clayton,
11 Dec. 2017:
"A number of concerns have been raised regarding the cryptocurrency and
ICO markets, including that, as they are currently operating, there is
substantially less investor protection than in our traditional securities
markets, with correspondingly greater opportunities for fraud and
manipulation."[sec]
but:
 New York Stock Exchange launches bitcoin pricing index NYXBT[nyse]

9/3/20199/3/2019 44
 smart contract: The smart contract is a set of if... then... else... rules defined by an entity who
can write these rules using any arbitrarily chosen programming language. Then this entity can
upload this set onto a node of the peer-to-peer network of a cryptocurrency. where each node
will execute one or more operations when one or more condition is / are met. {smart contract}
Before Satoshi Nakamoto’s Bitcoin...
qqq Hungarian relation:
 in 1998 Nicholas Szabo described “bit gold”
mechanism for a decentralized digital currency{decentralized}
first smart contracts
smart contractsmart contract

9/3/20199/3/2019 44
part 1 - authors’ comments
 disclaimer
 the goals of the presentation
 why are cryptocurrencies interesting nowadays?
 table of contents
 notations
table of contenttable of contentss

9/3/20199/3/2019 44
part 2 - blockchain basics
 the definition of blockchain
 the Merkle tree
 a part of the history of the blockchain - even the ancient greeks...
 a part of the history of the cryptocurrencies
 aspects of classification of blockchains
 the chosen kind of blockchains
 the goal of using the chosen blockchain
 some characteristics of such a database
 an individual block
 an individual transaction
 layers of the infrastructure
 groups of roles
further classification
who has to download the full database?
some of the possible intentions of a wallet-service user

9/3/20199/3/2019 44
part 3 - combination with artificial intelligence
 artificial intelligence, machine learning, deep learning
 some useful tools for development
 blockchain and artificial intelligence - intelligent clustering
 blockchain and artificial intelligence - intelligent search

9/3/20199/3/2019 44
part 4 - to serve reliability
 some of the connections of the corporate strategy
 operational excellence criteria
 the criterion to be served: reliability
 a possible implementation of intelligent clustering
 a possible implementation of intelligent search

9/3/20199/3/2019 44
part 5 - the blockchain, the GDPR, and the corporates
 concerns related to blockchain
 digital identity
 another legislation: EU directive GDPR
 USA approach to data privacy
 operational objectives, activities and pillars of operation in the GDPR compliance
 concerns of EPRS - European Parliaments Research Service
 the blockchain, the GDPR, and the corporates
 GDPR vs blockchain

9/3/20199/3/2019 44
part 6 - useful resources
 the presentation did not cover, but worth mentioning
 list of terms
 bibliography
 bibliography: blockchain and artificial intelligence
 bibliography: ISACA
 bibliography: COBIT
 bibliography: ISO
 bibliography: NIST
 bibliography: publications
 bibliography: others
 bibliography: contributions
table of contenttable of content

9/3/20199/3/2019 44
 between “[” and “]” symbols - reference to bibliography
 between “{” and “}” symbols - reference to glossary
 between “<” and “>” symbols - a term I created
 between “#” symbols - reference to slide-title
 color codes:
 red - something I chose from multiple options
 purple - something which is valid only in special cases
notationsnotations

9/3/20199/3/2019 44
part 2 - blockchain basics

9/3/20199/3/2019 44
qqq blockchain is a database type
qqq a blockchain type of database contains blocks, where
 each block contains:
the hash of the previous block
timestamp - unique with respect to blocks
a Merkle tree data structure of transactions
 and the blocks are ordered by their timestamp
 in ascending order
 into a singly linked list data structure
the definition of blockchainthe definition of blockchain{blockchain database type}{blockchain database type}

2019.08.28.2019.08.28. ‹#›‹#›
 a Merkle tree is a tree data structure
 each non-leaf node contains the hash of its child nodes
 each leaf node contains arbitrary data
 in the cryptocurrencies,
this data is the information of a transaction
 all the leaf nodes are at the same depth
 advantages:
 any alteration in any leaf can be detected
as soon as checking the data of the root node
 usually the altered node(s) can be found faster in this structure
than in a list, array, vector...etc.
the Merkle treethe Merkle tree

2019.08.28.2019.08.28. ‹#›‹#›
the Merkle treethe Merkle tree
root node:
the hash of the
node 5 and 6
node 6:
the hash of the
node 3 and 4
node 5:
the hash of the
node 1 and 2
...
node 2:
transaction 2
node 1:
transaction 1
node 4:
transaction 4
node 3:
transaction 3 ...

9/3/20199/3/2019 44
 the hash function is the same as the link function
 the first / top element is called as: genesis block
 the younger a block is, the further it is located from the genesis block
{genesis block}
the definition of blockchainthe definition of blockchain{blockchain database type}{blockchain database type}
genesis / firstgenesis / first
blockblock
second blocksecond block third blockthird block ......

9/3/20199/3/2019 44
qqq an ancient business need: a system that contains documents ordered in time, where the time,
once set, can not be altered
qqq
qqq database types that might be suitable: key-value, document, graph, wide column, relational,
blockchain,...etc.
qqq a database of blockchain type serves this ancient business need by design
 this is an advantage
qqq the databases of the mentioned other types require additional efforts,
for example:
 constraints
 scripts
 definitions
 ....etc.
a part of the history of the blockchain - even the ancienta part of the history of the blockchain - even the ancient GGreeks...reeks...

9/3/20199/3/2019 44
qqq to serve the mentioned business need
 Bayer, Dave; Haber, Stuart; Stornetta, W. Scott conceptualized blockchain
 between 1991-1993
qqq an early description of the concept is found in their work:
 Improving the Efficiency and Reliability of Digital Time-Stamping (1993)
 it can be read legally, free of charge at:
https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.4891
a part the history of the blockchain - even the ancient greeks...a part the history of the blockchain - even the ancient greeks...[concept_blockchain][concept_blockchain]

9/3/20199/3/2019 44
qqq the cryptocurrency{cryptocurrency} coin is a series of bits
qqq that is a result of the execution of certain algorithm or that of a series of algorithms
qqq token: A token is a cryptocurrency, without dedicated network / blockchain database, that uses
the blockchain database of another cryptocurrency. #aspects of classification of blockchains#
qqq the economists and those, who deal with cryptocurrencies call the cryptocurrency
 as a medium of exchange [medium]
 to this "medium" cryptography is necessary, in
the transaction process
controlling the creation of coins or tokens
securing the revenues of the users
qqq some cryptocurrencies came earlier than the invention of the blockchain-type database
a part of the history of the cryptocurrenciesa part of the history of the cryptocurrencies

9/3/20199/3/2019 44
qqq in 1983 David Chau’s wrote about “eCash”
 micropayment system
 having all the necessary cryptocurrency characteristics
 a functional implementation was running
from 1995 to 1998
qqq ...
qqq Hungarian relation:
 in 1998 Nicholas Szabo described “bit gold”
mechanism for a decentralized digital currency{decentralized}
first smart contracts
 ...
 in 2008 the entity known as Satoshi Nakamoto explained Bitcoin
 connected his own cryptocurrency to the blockchain-type database
a part of the history of the cryptocurrenciesa part of the history of the cryptocurrencies[history_cryptocurrency][history_cryptocurrency]

9/3/20199/3/2019 44
 access to the database
 block creation
 contributors’ <reward>
 alteration options
 ...etc.
It is possible for a blockchain to be member of multiple classes for any aspect!
aspects of classification of blockchainsaspects of classification of blockchains

9/3/20199/3/2019 44
 access to the database
 private
 public

9/3/20199/3/2019 44
 block creation
 proof-of-work {proof-of-work blockchain database}
using mining {mining}
 proof-of-stake {proof-of-stake blockchain database}
using forging {forging}
 proof-of-burn {proof-of-burn blockchain database}
using burning {burning}
 ...etc.

9/3/20199/3/2019 44
 there are options to alter a blockchain database:
 forking {forking}
 rollback {rollback}
 functionality-preserving local erasure [fple]{fple}
 ...etc.
 but they are rarely used nowadays in most of the public blockchains

9/3/20199/3/2019 44
 contributors’ <reward>:
 cryptocurrency
 token {token}
 ...etc.
 or nothing

9/3/20199/3/2019 44
 in this presentation we are dealing with public blockchains
 proof-of-work blockchain databases
only with rollback and forking alteration options
for example the blockchains of the cryptocurrency networks:
- Bitcoin (BTC)
- Ethereum (ETH)
- Litecoin (LTC)
- ...etc.
the chosen kind of blockchainsthe chosen kind of blockchains

9/3/20199/3/2019 44
 “decentralized” there is no central, official supervision (?)
 actually: it is difficult, but not impossible for an entity to take over
 a blockchain database has many copies on many computers
 the most important control measure (restricted to this case), contributes to
the integrity and
the confidentality of the stored information
some characteristics of such a databasesome characteristics of such a database

9/3/20199/3/2019 44
 distributed {distributed}
 peer-to-peer database {peer-to-peer}
 everybody sees both the same
 open, and
 encrypted content of every block
the encrypted content is meaningless without the key
this encryption is symmetric
some characteristics of such a databasesome characteristics of such a database

9/3/20199/3/2019 44
 some of the potentially necessary parts of a block
 block header:
cryptocurrency version number
the hash of the previous block
the hash of this block: the root of the Merkle tree
of the transactions of this block
timestamp - unique with respect to blocks,
( this timestamp is not unique to the transactions! )
the number of the bits of the target number to be found by the miners
nonce
 in most cases:
the Merkle tree of the transactions of this block
 the hashing algorithm usually hashes the block header
an individual blockan individual block

9/3/20199/3/2019 44
 some of the potentially necessary parts of a transaction:
 the hash of this transaction
 input address
 input value
 output address(es)
output value per address
 timestamp - unique with respect to transactions
( this timestamp is not the same as the block-timestamp! )
 size
an individual transactionan individual transaction

9/3/20199/3/2019 44
qqq hardware
 computers (not only PC! dedicated mining hardware included)
 routers
 switches
 cables
 ....etc.
qqq software (optional in some cases)
 operation systems
Windows: 7, 8, 10...etc.
Linux: Ubuntu 18, Red Hat Enterprise 8....etc.
macOS: Sierra, High Sierra, Mojave....etc.
...etc.
 ...etc.
layers of the infrastructurelayers of the infrastructure

9/3/20199/3/2019 44
qqq database
 any kind of blockchain
see the “aspects of classification of blockchains” chapter!
 ...etc.
 data
 coins
 tokens
 blocks
 ...etc.

9/3/20199/3/2019 44
qqq application:
 node program
 mining program
 forging program
 wallet program
 ...etc.
qqq human
qqq ...etc.

9/3/20199/3/2019 44
groups of rolesgroups of roles
people with access to at least one blockchain database
( using a free application )
node owners
owners of nodes of multiple networks

9/3/20199/3/2019 44
qqq miner: A miner is such a node of the network of a proof-of-work blockchain database, that is
mining using this network's mining algorithm. {miner}
qqq forger: A forger is such a node of the network of a proof-of-stake blockchain database, that is
forging using this network's forging algorithm. {forger}
qqq service-provider: If an entity has at least one node in the network of at least one blockchain
database, and this entity executes operations in this blockchain database on behalf of other
entities, that do not necessarily have any node, is called to be a service provider. Among others,
cryptocurrency-wallets, mining and forging can be provided as services. {service-provider}
further classificationfurther classification

9/3/20199/3/2019 44
qqq cryptocurrency-exchange: If an entity is a service provider, and it makes possible for other
entities to exchange, usually for a fee, between at least one currency-pair where at least one
member of the pair is a cryptocurrency, this entity is called to be a (cyptocurrency-)exchange.
{cryptocurrency-exchange}
qqq blockchain-developer: If someone contributes to the source code of any blockchain database
program, she / he can be named as a (blockchain-) developer. {blockchain-developer}

9/3/20199/3/2019 44
qqq wallet service user: A wallet service user trusts a (wallet-)service provider to deal with this
user’s revenue. Thus, the provider might send and receive cryptocurrency amounts on behalf of
this user, who also has the option to withdraw the revenue from the provider onto an address
given by this user. After a user withdrew her/his revenue from a provider, that provider can not
deal with this revenue on behalf of this user anymore. {wallet-service user}

9/3/20199/3/2019 44
node owners
people without any
node
owners of nodes of
multiple networks
owners of nodes of
a single network
mining program
operators
miners, exchanges miners
mining service
users
forging program
operators
forgers, exchanges forgers
forging service
users
people without
forging/mining
program
exchanges node owners wallet service users

9/3/20199/3/2019 44
qqq miners, forgers and exchanges have to download the full blockchain database
qqq other node owners can choose how much of the blockchain they would like to download
 if a node-owner downloads the full blockchain, she/he becomes a full-node owner
some advantages: opportunity to mine/forge, a trusted copy of the database, option for
custom back-ups...etc.
qqq services are popular because the service-users, as defined here, do not have to download the full
blockchain database
who has to download the full blockchain?who has to download the full blockchain?

9/3/20199/3/2019 44
qqq a wallet-service user might want to:
 send
 receive
 withdraw cryptocurrency
 ...etc.
some of the possible intentions of a wallet-service usersome of the possible intentions of a wallet-service user

9/3/20199/3/2019 44

9/3/20199/3/2019 44
If the receiver-user is a wallet-service user,
then the milestones of the information-flow could be:
1 the sender-user's computer >>
2 the web-server of the sender-user's wallet-service provider>>
3 a node of the sender-user's wallet-service >>
4 all the nodes of the network of the blockchain (including the receiver’s node) >>
5 a node of the receiver-user's wallet-service provider >>
6 the web-server of the receiver-user's wallet-service provider >>
7 the receiver-user's computer

9/3/20199/3/2019 44
some of the phases of the processing of the transaction
on the node of the sender-user's wallet-service:
1 a new transaction is created and signed using the sender-user's private key
2 this transaction gets a timestamp (creation-time), amount, and fee among other parameters
3 this node communicates the transaction to some of the other nodes in the same network
3.1 who then propagate it to even more nodes, who then propagate it further...
3.1.1 each of the miners tries to validate the transaction
3.1.2 if the transaction is found valid, the node writes it into the newest block-in-progress
3.1.2 if the transaction is not valid, the node throws it away

9/3/20199/3/2019 44
then on all the miners of the network:
4 each miner tries to find the proof-of-work target number
4.1 if the miner finds the target number, propagates the solution to some of the other nodes in the
same network
4.1.1 who then verify and propagate it to even more nodes, who then propagate it further...
only using the target number of a block can that block be added into the blockchain

9/3/20199/3/2019 44
part 3 - combination with artificial intelligence

9/3/20199/3/2019 44
qqq Turing test: Turing test is a specific test that was invented by Alan Turing in 1950 to test how
similar the exhibit intelligent behaviour of a robot is to that of a human {Turing test}
qqq artificial intelligence: Any program that can completely pass the Turing test is called be to an
artificial intelligence {artificial intelligence}
qqq machine learning: Any artificial intelligence that can improve the output of itself with respect to
(some of) the past output(s) is called to be a machine learning program, the process of this
improvement is called to be machine learning {machine learning}
qqq deep learning: Any machine learning program that uses an at least four-layer artificial neural
network to learn is named as a deep learning program, the network that the program uses is
called to be a deep neural network, and this process of machine learning is known as deep
learning {deep learning}
artificial intelligence, machine learning, deep learningartificial intelligence, machine learning, deep learning

9/3/20199/3/2019 44
qqq fuzzy neural network: A fuzzy neural network is an artificial neural network that uses fuzzy
logic in order to produce output(s) {fuzzy neural network}
qqq fuzzy logic: fuzzy logic is a mathetmatical set of tools to deal with uncertainty / fuzziness {fuzzy
logic}

9/3/20199/3/2019 44
Artificial Intelligence
Machine Learning
Deep Learning
Fuzzy neural network based
deep learning

9/3/20199/3/2019 44
some of the tools of IBM Watson studio:
qqq Blockchain Builder
mmm based on HyperLedger
www a set of open-source blockchain-templates - ready-made / prefabricated blockchains -
and development tools
qqq Neural Network Modeler
qqq Language Model Builder
some useful tools for developmentsome useful tools for development

9/3/20199/3/2019 44
some of the tools of IBM Watson studio:
qqq SPSS Modeler:
mmm tools of predictive analytics:
www searching data-patterns
www optimization of predictive-precision
some useful tools for developmentsome useful tools for development

9/3/20199/3/2019 44
qqq in reality, there are thousands of nodes in a
major cryptocurrency network
blockchain and artificial intelligence - intelligent searchblockchain and artificial intelligence - intelligent search

9/3/20199/3/2019 44
qqq the internet speed means a bottleneck for the
cryptocurrency network in processing a new
payment
So, if we look into any node,
we might not find the data about
a recent payment there yet.

9/3/20199/3/2019 44
qqq people who want to receive cryptocurrency payments need a convenient way to view them
qqq there are programs that let the users search payments among a large number of nodes
mmm these programs are called to be database explorers
www with the help of database explorers, an user can find recent payments sooner
www also, can see the data in a way that can be understood without being a technical person

9/3/20199/3/2019 44
qqq BLOCKCYPHER EXPLORER is an open-source database explorer

9/3/20199/3/2019 44
qqq eXpie is an artificial intelligence
qqq built using the chatbot builder toolset of IBM Watson Studio
qqq she can serve an extra program between an user and a database explorer
qqq with the help of eXpie, it is possible to learn data from one or more database explorers
qqq using natural human language

9/3/20199/3/2019 44
qqq the benefits of eXpie:
mmm using natural human language might be a convenient way to search for some data
mmm eXpie can „memorize” cryptocurrency addresses and connect them to names
mmm adding text-to-speech synthesis tools enables her to communicate „without touch”
mmm while driving/working out, people do not need to use their hands to learn about new
payments
mmm supports people living with some disability to use cryptocurrency payments
mmm no need to log in to a cryptocurrency wallet to see balance and payments

9/3/20199/3/2019 44
qqq order to recognise a cold-wallet of the exchange, we could examine their Bitcoin transactions
 we have knowledge of some of the characteristics of a cold-wallet
 also access to Big Data (according to our definition):
large amount of data
in many different formats
from many different public blockchain databases
qqq this knowledge guides us to answer questions like:
 “How many cold-wallet characteristics does the chosen wallet has?"
 “How many from these characteristics are true to known cold-wallets?”
 “How many clusters of similar addresses are there?”
 ...etc.
blockchain and artificial intelligence - intelligent clusteringblockchain and artificial intelligence - intelligent clustering

9/3/20199/3/2019 44
qqq answering the previously written questions is a so-called clustering problem
qqq a clustering problem might be solved using an artificial intelligence program

9/3/20199/3/2019 44
qqq this artificial intelligence program could use a fuzzy neural network
qqq advantages:
mmm no need to know how to solve the problem
mmm no need to know all the cold-wallet characteristics
mmm no need to know all the cold-wallets
mmm fuzzy neural network provides a measure of similarity
fuzzy membership degree

9/3/20199/3/2019 44
part 4 - to serve reliability

9/3/20199/3/2019 44
CISA – Certified Information Systems Auditor designator: ISACA
CISM - Certified Information Security Manager designator: ISACA
CGEIT - Certified in Governance Enterprise IT designator: ISACA
CISSP - Certified Information Security Professional designator: ISC2
ISC2: International Information Systems Security Certification Consortium,
founded in the USA, www.isc2.org
ISACA: information Systems Audit and Control Association, founded in the USA
www.isaca.org
 lectures at the Hungarian CISA Review Course from 1999
qqq 1999-2019 member of the Quality Assurance Team as Expert Reviewer of the
CISA Review Technical Information Manual © ISACA
 member of the Subject Matter Expert Team, as Expert Reviewer
 COBIT 5
 COBIT 2019
who am I?who am I?

9/3/20199/3/2019 44
 extended basic terms
 the basic pillars of institutional operation:
organization, regulation and technics
 based on the mutual connection between corporate strategy and security:
operational objective
contributes to its fulfillment: operational activity
 operational excellence criteria
some of the connections of the corporate strategysome of the connections of the corporate strategy[security][security]

9/3/20199/3/2019 44
 suggested "subgoals" to the strategic goals:
 the criteria of excellent governance
 asset handling excellence criteria
operational excellence criteriaoperational excellence criteria[security][security]

9/3/20199/3/2019 44
 availability
 integrity
 confidentiality
asset handling excellence criteriaasset handling excellence criteria[security][security]

9/3/20199/3/2019 44
 effectivity
 efficiency
 compliance
 reliability
 risk management excellence
 functionality
 order
the criteria of excellent governancethe criteria of excellent governance[security][security]

9/3/20199/3/2019 44
 reliability: “Reliability relates to the provision of appropriate information for management to
operate the entity and exercise its fiduciary and governance responsibilities.” {reliability}
 why did I chose reliability?
 result of our research: lack of reliability on the grey market[market]
 how did I find blockchain?
 blockchain can be a tool that contributes to the provision of appropriate information
the criterion to be served: reliabilitythe criterion to be served: reliability[security][security]

9/3/20199/3/2019 44
market classes
a possible implementation of intelligent clusteringa possible implementation of intelligent clustering

9/3/20199/3/2019 44
qqq for this example, I chose an imaginary cryptocurrency-exchange on the grey market
qqq if this exchange has a a cold-wallet, it might serve their reliability
qqq in order to recognise a cold-wallet of the exchange, we examine their Bitcoin transactions
 in the Bitcoin blockchain

9/3/20199/3/2019 44
qqq the input of the problem-solving program might involve:
 the timestamps of a set of transactions
 the sender / receiver address in each transaction
 the amounts of cryptocurrency
 ...etc.
qqq output:
mmm a set of clusters based on similarity between addresses
mmm the similarity of each address to the formerly added addresses of each cluster
mmm an educated guess on what public addresses might belong to the chosen organisation's cold-
wallet

9/3/20199/3/2019 44
qqq a possible visualisation of a possible result
mmm needed: from fuzzy to crisp transformation
putting each point into that one cluster
where it had the strongest membership ( a special maximum-search problem )

9/3/20199/3/2019 44
qqq a possible visualisation of a possible result
mmm each circle is a public address
mmm x axis (0-10): count of outgoing transactions
mmm y axis (0-10): count of incoming transactions
mmm z axis (0-10000): sum value
mmm of all the transactions

9/3/20199/3/2019 44
qqq some of the used resources of IBM Watson Studio:
mmm prefabricated language models
mmm visual neural network modeller
mmm ready-made web-chat interface
mmm application programming interface (API) of the search-component
www to connect the search-program onto the APIs of blockchain explorers
(using a C# program in-between)
mmm ...etc.
a possible implementation of intelligent searcha possible implementation of intelligent search

9/3/20199/3/2019 44
qqq the following is a short use-case illustration of the eXpie-idea
qqq in this illustration an eXpie user expects a payment from his friend „Lizzy”
qqq it is important to notice that eXpie memorizes cryptocurrency addresses
qqq these addresses are connected to names
qqq the AI can tell the details of a payment such as
mmm the sender’s name
mmm the payment date
mmm the new balance
qqq for this illustration BLOCKCYPHER and a chat dialog based on IBM Watson were used

9/3/20199/3/2019 44Katalin Szenes, Bence TureczkiKatalin Szenes, Bence Tureczki

9/3/20199/3/2019 44
qqq checking new payments using an explorer

9/3/20199/3/2019 44
qqq it was an illustration of the eXpie idea
qqq to develop a functional program further work is necessary
qqq should this presentation find a positive feedback, I will be motivated to continue the
development so that eXpie
mmm could become practically capable of doing what was mentioned so far
mmm try to detect patterns in the payments between addresses
mmm answer questions such as
www „Is there a payment between any two of my customers/providers?”
www „Who has paid the most to me so far?”
www „When did I have the highest balance this year and what was my balance in USD that
time?"
www …etc.

9/3/20199/3/2019 44
part 5 - the blockchain, the GDPR, and the corporates

9/3/20199/3/2019 44
instead of the good old Directive 95/46/EC of the European Parliament and of the Council of 24
October 1995 on the protection of individuals with regard to the processing of personal data and on
the free movement of such data
Official Journal L 281 , 23/11/1995 P. 0031 - 0050
GDPR is already effective from 2018
§§§ data transfer outside the EU
§§§ entities collecting data
§§§ data protection bodies
§§§ legislation, etc.
GDPR - cont'd ./.
another legislation: EU directive GDPRanother legislation: EU directive GDPR

9/3/20199/3/2019 44
Key changes to EU data protection introduced by the GDPR
(2016 / 679 EU)
More rigorous requirements for obtaining consent for collecting personal data.
Raising the age of consent for collecting an individual’s data from 13 to 16 years old.
Requiring a company to delete data if it is no longer used for the purpose it was collected.
Requiring a company to delete data if the individual revokes consent for the company to hold the
data.
Requiring companies to notify the EU government of data breaches in 72 hours of learning about the
breach.
Establishing a single national office for monitoring and handling complaints brought under the
GDPR.
Firms handling significant amounts of sensitive data or monitoring the behaviour of many
consumers will be required to appoint a data protection officer.
Fines up to € 20m or 4% of a company’s global revenue for its non-compliance.

9/3/20199/3/2019 44
Hungary: still a little confusion
some more details also see on my homepage:
Problems of Critical / Non-Critical Corporate Infrastructures
legislation - cont'd ./.

9/3/20199/3/2019 44
the first remark is:  kind of acknowledgment to the EU GDPR
ISACA:
7 privacy categories to be addressed by enterprises
ISC2:
influence of the GDPR to the USA data privacy culture
GLB - The Gramm-Leach Bliley Act 1999 -
The Financial Modernization Act of 1999
law on the modernization of finance:
on proper handling the cutomers' personal financial info
details: see MSc IS Audit transparents
USA approach to data privacyUSA approach to data privacy

9/3/20199/3/2019 44
objectives / activities (measures) on the pillars of operational excellence:
organizational, regulational, technical
organizational operational objectives & activities (measures):
privacy officer appointed
identification of related business processes ¢ related organizational units
where: customer data, or outsourced support are involved,
privacy-sensitive applications, etc.
join efforts with those dealing with regular obligatory / BCP-related risk assessment
¢ business process & business data privacy classification ¢ encryption?
regulational operational objectives & activities (measures):
procedural rulebook
handbook-like policy is not enough !
rules for the involved organizational units:
how to handle / what / who / permission / acknowledgment / when
operational objectives, activities and pillars of operation in the GDPRoperational objectives, activities and pillars of operation in the GDPR
compliancecompliance

9/3/20199/3/2019 44
technical control objectives & measures:
monitor the activities of the staff / access to sensitive systems / data
already at development phase, systems analysis knowledge is needed everywhere
organizational, regulational, and technical control objectives & measures:
incident handling
identity management
access right management / ! by business processes
joining efforts with PO (Privacy Officer) where needed:
introduce usable metrics for qualifying the level of enterprise privacy protection
(e.g. number of privacy-sensitive applications - join efforts with risk assessment
% of systems affected by incidents,
average time to recover, etc.)
tailoring incident handling to satisfy privacy issues, too
(special contact rules, communications plans & procedures, etc.)
operational objectives, activities and pillars of operation in the GDPRoperational objectives, activities and pillars of operation in the GDPR
compliancecompliance

9/3/20199/3/2019 44
tanulmány:
‘Blockchain and the GDPR – Can distributed ledgers be squared with European data protection
law?’.
jogérvényesítésért senkihez nem lehet fordulni
az adattörlési probléma
a GDPR megfelelés tanusítása
concerns of EPRS - European Parliaments Research Serviceconcerns of EPRS - European Parliaments Research Service

9/3/20199/3/2019 44
Calibra Facebook leányvállalat
27 másik szervezettel együtt megalapítja a Libra Association-t
Mastercard
Visa
Coinbase
Vodafone
stb.
az USA House Committee on Financial Services
az EU European Data Protection Supervisor testületnek fenntartásai vannak
az European Data Protection Supervisor-i testület kérdéseiből:
személyi információ védelme
milyen eszközöket kapnak a felhasználók a védelmükre
az adatkezelők azonosítása, és ígért irányelveik betartása
ellenőrzések, igazságszolgáltatási kapcsolat, stb.
adatok megosztása a tagok között
the blockchain, the GDPR, and the corporatesthe blockchain, the GDPR, and the corporates

9/3/20199/3/2019 44
 all the the transactions are open
 the sender can upload personal information in a transaction
 if the sender did not encrypt the personal information
 it will be open to the public semi-forever
 if the sender encrypted the personal information before upload
 and if everyone who has ever known throws away the key of the encryption
no one can recover the personal information from the uploaded data anymore (but
the uploaded data stays there semi-forever)
GDPR vs blockchainGDPR vs blockchain

9/3/20199/3/2019 44
 possible issues:
 someone might upload open personal information accidentally
who can undo it?
 everyone who has ever known might promise to throw away the key
who will guarantee it?
 if a company decides store some of their data in a public blockchain
does everyone who needs that data know how to read it?
GDPR vs blockchainGDPR vs blockchain

9/3/20199/3/2019 44
qqq organizations
 European Committee for Standardization (CEN)
 European Committee for Electrotechnical Standardization (CENELEC)
 European Free Trade Association (EFTA)
digital identitydigital identity[eublockchain][eublockchain]

9/3/20199/3/2019 44
qqq standards & regulations
 Electronic Identification, Authentication and Trust Services (eIDAS)
full title: Regulation (EU) No 910/2014 of the European Parliament and of the Council of
23 July 2014 on electronic identification and trust services for electronic transactions in
the internal market and repealing Directive 1999/93/EC

9/3/20199/3/2019 44
qqq problem 1
 need of credentials
possibility of proving ownership over it
qqq problem 2
 the current digital identity landscape is extremely fragmented
qqq problem 3
 confidentality, stealing, data breach

9/3/20199/3/2019 44
qqq problem 4
 not possible to verify the identity of the participants
qqq problem 5
 how to identify the citizens of the state
qqq problem 6
 weak connection between digital / offline

9/3/20199/3/2019 44
part 6 - useful resources

9/3/20199/3/2019 44
qqq altcoin
qqq the double-spend problem
qqq HyperLedger
qqq supervised machine learning
qqq linear regression
qqq ...etc.
the presentation did not cover, but worth mentioningthe presentation did not cover, but worth mentioning

9/3/20199/3/2019 44
qqq blockchain database type: A database is blockchain database if it contains blocks, where each
block contains: the hash of the previous block, an unique timestamp, a Merkle tree data
structure of transactions, and the blocks are ordered by their timestamp, in ascending order,
into a singly linked list data structure. The hash function is the same as the link function. The
first / top element is called to be: genesis block. The younger a block is, the further it is located
from the genesis block. [definition_blockchain] #the definition of blockchain#
qqq genesis block: The first / top block of a blockchain database is called to be genesis block.
[definition_blockchain] #the definition of blockchain#
qqq cryptocurrency: A cryptocurrency is adigital medium of exchange that uses cryptography to
execute transactions, control the creation of additional units, and to secure the revenues of the
users. [definition_medium] #the history of cryptocurrencies#
list of termslist of terms

9/3/20199/3/2019 44
qqq decentralized database: A decentralized database can not be controlled by a single entity. #the
history of cryptocurrencies#
qqq reliability: “Reliability relates to the provision of appropriate information for management to
operate the entity and exercise its fiduciary and governance responsibilities.”[security]#the
criteria to be served: reliability#
qqq mining algorithm: A mining algorithm is such an algorithm, that is trying to find a number
using brute-force method, where the number to be found has certain characteristics defined by
the miners of the blockchain's network. The more work a miner does, the more probable, that
the miner will find the number earlier than other miners.
qqq mining: Mining is the process of executing a mining algorithm. #aspects of classification of
blockchains#

9/3/20199/3/2019 44
qqq miner: A miner is such a node of the network of a proof-of-work blockchain database, that is
mining using this network's mining algorithm. #groups of roles#
qqq proof-of-work blockchain database: In a proof-of-work blockchain database, the more work the
miners of a block to be added to the blockchain database do, the more probable, that their block
will be added into the database next. If a node writes a block first onto the blockchain, that
node earns some units of cryptocurrency / token. #aspects of classification of blockchains#
qqq forging algorithm: A forging algorithm is such an algorithm, that is trying to find a number
using brute-force method, where the number to be found has certain characteristics, where
these characteristics were defined by the blockchain's network, which network uses this forging
algorithm. The more revenue a forger has, and the longer this forger had this revenue, the more
probable, that the forger will find the number.
qqq forging: Forging is the process of executing a forging algorithm. #aspects of classification of
blockchains#

9/3/20199/3/2019 44
qqq forger: A forger is such a node of the network of a proof-of-stake blockchain database, that is
forging using this network's forging algorithm. #groups of roles#
qqq proof-of-stake blockchain database: In a proof-of-stake blockchain database, the more revenue
the forgers of a block have, and the longer these forgers had this revenue, the more probable,
that their block will be added into the database next. If a node writes a block first onto the
blockchain, that node earns some units of cryptocurrency / token. #aspects of classification of
blockchains#
qqq proof-of-burn blockchain database: In a proof-of-burn blockchain database, the more revenue
the burners of a block burn, the more probable, that their block will be added into the database
next. If a node writes a block first onto the blockchain, that node earns some units of
cryptocurrency / token. #aspects of classification of blockchains#
qqq burning: Burning is the process of sending revenue onto a public address / key with no known
private key. #aspects of classification of blockchains#

9/3/20199/3/2019 44
qqq burner: A burner is such a node in the network of a proof-of-burn blockchain database, that is
burning into order to get the opportunity to write the next block first into the database.
qqq forking: When a subset of the nodes of the network of a blockchain database stops contributing
in that network, and start contributing in such an other network, where the blockchain
database of that other network contains the same blocks, up to the time of forking, as the
blockchain database of the original network. #aspects of classification of blockchains#
qqq fple: Functionality-preserving local erasure is a method-idea, proposed by Martin Florian,
Sophie Beaucamp, Sebastian Henningsen, Björn Scheuermann, in order to delete data from the
nodes of the network of a blockchain database. [fple] #aspects of classification of blockchains#
qqq rollback: Executing a rollback means throwing all those blocks of a blockchain database, whose
timestamps are newer than the reference timestamp chosen by the entity or entities who is / are
rolling back that blockchain. #aspects of classification of blockchains#

9/3/20199/3/2019 44
qqq token: A token is a cryptocurrency, without dedicated network / blockchain database, that uses
the blockchain database of another cryptocurrency. #aspects of classification of blockchains#
qqq distributed database: A distributed database is where there are multiple storage devices and not
all of them are served by the same processor. #some characteristics of such a database#
qqq peer-to-peer database: A peer-to-peer database is a kind of distributed database where the
storage devices are equally privileged. The set of the storage devices of a peer-to-peer database
is called to be peer-to-peer network where the storage devices are the nodes and they are named
as peers. #some characteristics of such a database#

9/3/20199/3/2019 44
qqq service-provider: If an entity has at least one node in the network of at least one blockchain
database, and this entity executes operations in this blockchain database on behalf of other
entities, that do not necessarily have any node, is called to be a service provider. Among others,
cryptocurrency-wallets, mining and forging can be provided as services. #groups of roles#
qqq cryptocurrency-exchange: If an entity is a service provider, and it makes possible for other
entities to exchange, usually for a fee, between at least one currency-pair where at least one
member of the pair is a cryptocurrency, this entity is called to be a (cyptocurrency-)exchange.
#groups of roles#
qqq blockchain-developer: If someone contributes to the source code of any blockchain database
program, she / he can named as a (blockchain) developer. #groups of roles#

9/3/20199/3/2019 44
qqq wallet service user: A wallet service user trusts a (wallet-)service provider to deal with this
user’s revenue. Thus, the provider might send and receive cryptocurrency amounts on behalf of
this user, who also has the option to withdraw the revenue from the provider onto an address
given by this user. After a user withdrew her/his revenue from a provider, that provider is not
able to deal with this revenue on behalf of this user anymore. #some of the possible intentions of
a wallet-service user#
qqq smart contract: The smart contract is a set of if... then... else... rules defined by an entity who
can write these rules using any arbitrarily chosen programming language. Then this entity can
upload this set onto a node of the peer-to-peer network of a cryptocurrency. where each node
will execute one or more operations when one or more condition is / are met. #smart contract#

9/3/20199/3/2019 44
qqq Turing test: The Turing test is a specific test that was invented by Alan Turing in 1950 to test
how similar the exhibit intelligent behaviour of a robot is to that of a human #artificial
intelligence, machine learning, deep learning#
qqq artificial intelligence: Any program that can completely pass the Turing test is called be to an
artificial intelligence #artificial intelligence, machine learning, deep learning#
qqq machine learning: Any artificial intelligence that can improve the output of itself with respect to
(some of) the past output(s) is called to be a machine learning program, the process of this
improvement is called to be machine learning #artificial intelligence, machine learning, deep
learning#
qqq deep learning: Any machine learning program that uses an at least four-layer artificial neural
network to learn is named as a deep learning program, the network that the program uses is
called to be a deep neural network, and this process of machine learning is known as deep
learning #artificial intelligence, machine learning, deep learning#

9/3/20199/3/2019 44
qqq fuzzy neural network: A fuzzy neural network is an artificial neural network that uses fuzzy
logic in order to produce output(s) #artificial intelligence, machine learning, deep learning#
qqq fuzzy logic: fuzzy logic is a mathetmatical set of tools to deal with uncertainty / fuzziness
#artificial intelligence, machine learning, deep learning#

9/3/20199/3/2019 44
 [definition_blockchain] Andreas Antonopoulos: Mastering Bitcoin, chapter 7: The Blockchain,
https://www.oreilly.com/library/view/mastering-bitcoin/9781491902639/ch07.html (08-14-2019)
 [concept_blockchain] Dave Bayer, W. Scott Stornetta , Stuart Haber: Improving the Efficiency
and Reliability of Digital Time-Stamping, 1993,
https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.4891 (08-14-2019)
 [definition_medium] Bill Z. Yang: The American Economist; Vol. 51; No. 2; pp. 101-104; Sage
Publications, Inc.; 2007
 [history_cryptocurrency] Ian Grigg: A Quick History of Cryptocurrencies BBTC — Before
Bitcoin; https://bitcoinmagazine.com/articles/quick-history-cryptocurrencies-bbtc-bitcoin-
1397682630 (08-15-2019)
bibliography: blockchain and artificial intelligencebibliography: blockchain and artificial intelligence

9/3/20199/3/2019 44
 [fple] Martin Florian, Sophie Beaucamp, Sebastian Henningsen, Björn Scheuermann: Erasing
Data from Blockchain Nodes; https://arxiv.org/abs/1904.08901 (08-15-2019)
[eublockchain] Tom Lyons, Ludovic Courcelas, Ken Timsit: Blockchain and digital identity;
https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf (08-22-2019)

9/3/20199/3/2019 44
 [security] Katalin Szenes: Information Security and Audit of Financial Institutions,
http://users.nik.uni-obuda.hu/szenes/Szenes-InfSecAudFinInst.pdf, p69-72 (08-01-2019)
 [market] Bence Tureczki: Battle against fake programs in the cloud-based digital grey market,
Consultants: Szenes K., Légrádi G., 2019/2 TDK, Óbuda University
 [microsoft] Alexandra Sayapina: IOTA Partners with Microsoft to Launch First Cryptocurrency
Marketplace for IoT Industry, https://www.coinspeaker.com/iota-partners-microsoft-launch-first-
cryptocurrency-marketplace-iot-industry/ (08-11-2019)
 [google] Hank Tucker: Google Integrates Cryptocurrency Project With New Smart Contract
Tool, https://www.forbes.com/sites/hanktucker/2019/06/13/google-integrates-cryptocurrency-project-
with-new-blockchain-oracle/#3be34f6461dd (08-11-2019)

9/3/20199/3/2019 44
 [ibm]Rachel Wolfson: IBM Launches A Blockchain-Based Global Payments Network Using
Stellar's Cryptocurrency, https://www.forbes.com/sites/rachelwolfson/2019/03/18/ibm-launches-a-
blockchain-based-global-payments-network-using-stellars-cryptocurrency/#40a473b353ec (08-11-
2019)
[facebook] Joseph Young: Facebook’s cryptocurrency Libra whitepaper reveals blockbuster
partnerships, https://cryptoslate.com/facebooks-cryptocurrency-libra-whitepaper-reveals-
blockbuster-partnerships/ (08-11-2019)

9/3/20199/3/2019 44
 [blockchain] Sujha Sundararajan: European Commission to Assess Potential of EU-Wide
Blockchain Infrastructure, https://www.coindesk.com/european-commission-to-assess-potential-of-
eu-wide-blockchain-infrastructure/ (08-12-2019)
[sec] Jay Clayton: Statement on Cryptocurrencies and Initial Coin Offerings,
https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11 (08-12-2019)
[nyse] Jessie Willms: New York Stock Exchange Launches Bitcoin Pricing Index NYXBT,
https://bitcoinmagazine.com/articles/new-york-stock-exchange-launches-bitcoin-pricing-index-
nyxbt-1432068688/ (08-12-2019)

9/3/20199/3/2019 44
ISACA - Information Systems Audit and Control Association
founded in: 1969 - the knowledge center of ISACA: ISACF
ISACA Journal
időként változik a címe
reference manuals: CISA, CISM, stb.
1999-től évente, a CRM 2011 kivételével
expert reviewer-ként szolgálok, a Quality Assurance Team-ben:
1998 - 2019 CISA Review Technical Information Manual
published yearly; editor: ISACA
a legutóbbi CISA kézikönyv verzió:
CISA Review Manual 27th
edition
Updated for 2019 Job Practice
Copyright © 2019 ISACA
1700 E. Golf Road, Suite 400, Schaumburg IL 30173 USA
 ISBN 978-1-60420-767-5
bibliography: ISACAbibliography: ISACA

9/3/20199/3/2019 44
ISACA - cont'd
[COBIT 5, 2013] COBIT 5: Enabling Information COBIT 5® An ISACA Framework
ISBN 978-1-60420-350-9
2019-től, ebben a könyvben az ISACA-nak már ÚJ CÍME VAN:
1700 E. Golf Road Suite 400
Schaumburg, IL 60173, USA
[COBIT 2019, 2018, Gov] COBIT 2019 Framework: Governance and Management Objectives
ISBN 978-1-60420-728-6
[COBIT 2019, 2018, Intro] COBIT 2019 Framework: Introduction and Methodology
ISBN 978-1-60420-644-9
ISACA bookstore!

9/3/20199/3/2019 44
ISACA - cont'd
the ISACA methodology: COBIT - Control OBjectives for IT
életciklus:
COBIT 1998 indulás - 2019 update
2011-től szolgálok, expert reviewer-ként,
a COBIT 5-nél: SME: Subject matter Expert csoport
a COBIT 2019-nél:Expert Reviewer munkacsoport
[COBIT 5, 2012, Proc.] Enabling Processes COBIT 5:An ISACA Framework
ISBN 978-1-60420-239-7
[COBIT 5, 2012, Gov.] COBIT 5: A Business Framework for the Governance and Management of
Enterprise IT
ISBN 978-1-60420-237-3

9/3/20199/3/2019 44
 COBIT
and related materials (COBIT = Control Objectives for Information Technology) Copyright
© IT Governance Institute
 COBIT 4 improvements, e.g.: Capability Maturity Model - maturity performance - Balanced
ScoreCard then: COBIT 5
bibliography: COBITbibliography: COBIT

9/3/20199/3/2019 44
 COBIT Executive Summary, April 1998 2nd Edition Released by the COBIT Steering
Committee and the Information Systems Audit and Control Foundation
 COBIT 3rd Edition, July 2000 Released by the COBIT Steering Committee and the IT
Governance Institute editor: Information Systems Audit and Control Association - ISACA
 COBIT 4.0 Control Objectives, Management Guidelines, Maturity Models Copyright © IT
Governance Institute, 2005
COBIT 4.1 Framework, Management Guidelines, Maturity Models Copyright © IT
Governance Institute, 2007

9/3/20199/3/2019 44
 COBIT® 5 Design Paper Exposure Draft © 2010 ISACA
other COBIT® 5 materials followed - personal involvement: Dr. Katalin Szenes was member of the
Subject Matter Expert Group
 COBIT 5.0 Vol. I – The Framework” and “COBIT 5.0 Vol. IIa – Process Reference Guide © 2011
ISACA, working paper
 Enabling Processes - COBIT 5 An ISACA Framework Copyright © 2012 ISACA
 COBIT Focus articles, e.g. Dr. Katalin Szenes got this in January, 2014: Vishal Salvi, Avinash W.
Kadam: Information Security Management at HDFC Bank: Contribution of Seven Enablers

9/3/20199/3/2019 44
ISO
régiek, de fontosak:
ISO/IEC TR 133354, First edition, 1996-l 2-15, Information technology - Guidelines
ISO/IEC 15408 család
Information technology — Security techniques — Evaluation criteria for IT
security -
mai divat:
27000-es család
27000 az informatikai biztonsági irányítási rendszer áttekintése és szótár
27001 az informatikai biztonsági irányítási rendszer követelményei
27002 gyakorlati útmutató a biztonsági célokhoz ["controls" ejnye ]
27003 az irányítási rendszerhez implementálási útmutató
27005 risk management
27035 biztonsági incidens kezelése - biztonság a másmilyen is!
. / .
bibliography: ISObibliography: ISO

9/3/20199/3/2019 44
ISO - cont'd
Guide 73 risk management vocabulary
24762 disaster recovery
22301 business continuity management
38500 IT governance
[ alkalmazásfejlesztés ]
a jó öreg 12207, és, ami nemrég még mindig részben draft volt:
27034 information security to those specifying, designing and programming or procuring,
implementing and using application systems
stb., stb., ...

9/3/20199/3/2019 44
 the 27000 family:
 International Standard ISO/IEC 27000 First edition 2009-05-01, Information technology —
Security techniques — Information security management systems — Overview and vocabulary,
Reference number: ISO/IEC 27000:2009(E) Copyright © ISO/IEC 2009
 International Standard ISO/IEC 27001 - 2nd edition: Oct. 1, 2013
27002
27005
 others, such as:
ISO Guide 73:2009

9/3/20199/3/2019 44
qqq ISO/IEC 15408 Information technology — Security techniques — Evaluation criteria for IT
security (Common Criteria) (ITCSEC, then ITSEC, then CC)
qqq Magyar Szabvány MSZ ISO/IEC 12207:2000 Magyar Szabványügyi Testület Informatika.
Szoftveréletciklus-folyamatok Information technology. Software life cycle processes. corresponds
to: ISO/IEC 12207:1995 version
qqq ISO/IEC 27034:2011+ Information technology — Security techniques — Application security
(parts 1, 2 & 6 published, remainder in DRAFT)
qqq on business continuity planning (24762)
qqq governance (38500)

9/3/20199/3/2019 44
NIST: National Institute of Standards and Technology, USA, Department Commerce
https://www.nist.gov
guides,
policies,
security notices,
information quality standards,
... from the nanoscale, and neutron research
to the manufacturing and transportation
létezik: NASA - National Aeronautics and Space Administration:
https://www.nasa.gov
a hackerek időnként összekeverik: NSA, NASA, NIST
bibliography: NISTbibliography: NIST

9/3/20199/3/2019 44
NIST - National Institute of Standards and Technology
the so-called NIST Cybersecurity Framework
(Framework for Improving Critical Infastructure Cybersecurity
version 1.0, National Institute of Standards and Technology
February 12, 2014 - kiterjedt magyar felhasználás)
Framework for Improving Critical Infastructure Cybersecurity
version 1.1, National Institute of Standards and Technology
April 16, 2018

9/3/20199/3/2019 44
NIST - National Institute of Standards and Technology - cont'd
NIST Special Publication 800-53
Revision 4
Security and Privacy Controls for Federal information Systems and Organizations, April 2013
INCLUDES UPDATES AS OF 01-22-2015
U.S. Department of Commerce
National Institute of Standards and Technology
itt figyelembe vették: Federal Information Processing Standard (FIPS) 200
cél volt a FISMA bevezetésének támogatása
FISMA: Federal Information Security Modernization Act of 2014

9/3/20199/3/2019 44
 Building a Corporate Risk Management Methodology and Practice EuroCACS 2002 - Conf.
for IS Audit, Control and Security Copyright 2002 ISACA, Tutorial
 2010: "IT GRC versus ? Enterprise GRC but: IT GRC is a Basis of Strategic Governance";
EuroCACS 2010
 2011: Enterprise Governance Against Hacking. Procds. of the 3rd IEEE International
Symposium on Logistics and Industrial Informatics LINDI 2011 August 25–27, 2011, Budapest,
Hungary
 2011:Serving Strategy by Corporate Governance - Case Study: Outsourcing of Operational
Activities; Procds. of 17th International Business Information Management Association -
IBIMA November 1415, 2011, Milan, Italy, ed. Khalid S. Soliman
bibliography: publicationsbibliography: publications

9/3/20199/3/2019 44
 2012: Extending IT security methods to support enterprise management, operations and risk
management - Hungarian (Informatikai biztonsági módszerek kiterjesztése a vállalatirányítás,
a működés, és a kockázatkezelés támogatására) in Hungarian Journal Quality and Reliability
(Minőség és Megbízhatóság)
 Operational Security - Security Based Corporate Governance in: Procds. of IEEE 9th
International Conference on Computational Cybernetics (ICCC); July 8-10, 2013 Tihany,
Hungary Copyright @2013 by IEEE. p. 375-378

9/3/20199/3/2019 44
 some of the publications of Dr. Katalin Szenes on outsource
 2010: Auditing outsourcing of IT resources, Part I., Part II. - Hungarian (Az informatikai
erőforrás-kihelyezés auditálási szempontjai, I., II. rész) in: Information Security Handbook
(Az Informatikai biztonság kézikönyve) Verlag Dashöfer, Budapest, Hungary
 Part I. February, 2010 p. 8.10. 1. – 26. (26 pages) Part II. December, 2010 p. 8.10. 27. – 158.
(132 pages) total 158 pages
 2011: Serving Strategy by Corporate Governance - Case Study: Outsourcing of Operational
Activities; Procds. of 17th International Business Information Management Association -
IBIMA November 14-15, 2011, Milan, Italy

9/3/20199/3/2019 44
 publications on the opinion of Dr. Katalin Szenes concerning legislation and its use
 K.: Informatikai biztonsági megfontolások a Sarbanes - Oxley törvény ürügyén; (A 2002-
es Sarbanes - Oxley törvény hatásai az informatikai biztonsági rendszerekre és az
informatikai ellenőrök feladataira. A jelentésszolgálat és a többi kulcsfontosságú alkalmazás
felügyeletének kérdései); Hungarian - IT security considerations triggered by SOX; in: Az
Informatikai biztonság kézikönyve, 22. aktualizálás Verlag Dashöfer, 2006. október, 2.2.1.1.
old. - 2.2.8.8. old. - 96 oldal p. 2.2.1.1. - 2.2.8.8. total: 96 pages
 Az informatikai biztonsággal kapcsolatos törvényekről és rendeletekről; Hungarian - On
the Hungarian laws and regulations dealing with IT security in: Az Informatikai biztonság
kézikönyve, 33. aktualizálás Verlag Dashöfer, 2009. május, 3.4.1. old. - 3.4.34. old. - 34 oldal p.
3.4.1. - 3.4.34. total: 34 pages

9/3/20199/3/2019 44
Cloud Security Alliance
consequences of jurisdiction & other obligations
USA
SOX
EU
GDPR (2016 / 679) :
others
PSD2
materials on immutable servers, e.g.
Security Magazine:
Nick Piagentini, Senior Solutions Architect, CloudPassage:
How Immutable Servers Can Revolutionize Cloud Security [as old as]: August 12, 2014
https://www.securitymagazine.com/authors/2030-nick-piagentini
bibliography: othersbibliography: others

9/3/20199/3/2019 44
további hasznos anyagok:
PCI DSS - Payment Card Industry Security Standards
https://www.pcisecuritystandards.org/security_standards/
OWASP - Open Web Application Security Project
OASIS-OPEN - advancing open standards for the information society
https://www.oasis-open.org/
ős: SGML (Standard Generalized Markup Language) Open, 1993.
bibliography: othersbibliography: others

9/3/20199/3/2019 44
CISA – Certified Information Systems Auditor designator: ISACA
CISM - Certified Information Security Manager designator: ISACA
CGEIT - Certified in Governance Enterprise IT designator: ISACA
CISSP - Certified Information Security Professional designator: ISC2
ISC2: International Information Systems Security Certification Consortium,
founded in the USA, www.isc2.org
ISACA: information Systems Audit and Control Association, founded in the USA
www.isaca.org
lectures at the Hungarian CISA Review Course from 1999
1999-2019 member of the Quality Assurance Team as Expert Reviewer of the
CISA Review Technical Information Manual © ISACA
member of the Subject Matter Expert Team, as Expert Reviewer
COBIT 5
COBIT 2019
bibliography: some of the contributions (of Katalin Szenes)bibliography: some of the contributions (of Katalin Szenes)

Blockchain and deep learning

More Related Content

Recently uploaded

Featured

Blockchain and deep learning