| CODE | DLT5301 |
| TITLE | DLT Cybersecurity, Auditing and Sandbox Considerations |
| UM LEVEL | 05 - Postgraduate Modular Diploma or Degree Course |
| MQF LEVEL | 7 |
| ECTS CREDITS | 5 |
| DEPARTMENT | Centre for Distributed Ledger Technologies |
| DESCRIPTION | In this study-unit, students will be given a fundamental introduction to cybersecurity and other aspects to instil assurances in DLT-related activities. We will introduce and discuss various Information Security matters which are arising today out of this technology and the strategies to respond via regulation, standards, auditing and experimental approaches, including sandboxes.

DLT is often praised as a solution to Information Security and Cybersecurity, but it also generates its own set of problems. We will delve into the area of Cybersecurity and related assurances by examining how individuals/entities are using such technology for malicious activity, such as funding of terrorism and money laundering. We will also introduce Digital Forensics and how this investigative field is evolving with the technology so as to enable the ‘good guys’ to gather intelligence and act against any malicious activity detected.

The study-unit will introduce the basics of System Auditing, primarily considered as a tool to prevent malicious activity or wrongdoing when using technology. We will discuss how auditing is evolving and which data gathering techniques are efficient and effective when implementing this technology in various industries.

The last part of the study-unit will reflect upon emerging DLT challenges including ‘pump and dump’, NFT scams, DeFi rug pulls and attempts to regulate and define standards for DLTs preemptively through experimental and regulatory sandboxes.

Study-Unit Aims:

The aim of this study-unit is to provide students with the appropriate theoretical and practical understanding of Information Security, Cybercrime and Systems Auditing in relation to the DLT technology.

Learning Outcomes:

1. Knowledge & Understanding: By the end of the study-unit the student will be able to:

- Describe industry Information Security practices, terminology and techniques used in DLT such as: CIA principles, comparison of the current ISO27001 standard terminology with the DLT landscape, AICPA SOC2 five key principles involving the aspects of Information Security, security assessment reporting best practices involving NIST SP 800-115 and OSSTMM methodologies;
- Define practices and requirements for the prevention and detection of Money Laundering, Funding of Terrorism, Cybercrime and White-collar crime. This will involve discussing critical elements of the Cybercrime Convention, the Fourth EU Money Laundering Directive and various other initiatives taken at EU and global level to combat Funding of Terrorism;
- Describe various DLT-specific auditing techniques and procedures including both initial system audits as well as ongoing compliance audits. The latest MDIA Chapter 1 Systems Auditor Guidelines will be discussed, with special focus on the AICPA SOC2 systems auditing principles, which discuss the Type 1 and Type 2 approaches to a technical IT audit, also involving Functional Code review and an Information Security review;
- Orientation on standardization and regulation practices related to DLT at international and EU level (from existing norms and standards to regulatory sandboxes).

2. Skills: By the end of the study-unit the student will be able to:

- Define and discuss the high-level jargon and concepts used in the Information Security environment in DLT;
- Proactively detect and/or react to incidents pertaining to malicious activity on the DLT technology, including the knowledge and/or use of techniques and tools used in Digital Forensics;
- Contribute to a Systems Audit team/engagement;
- Understand and contribute to standardization and policy efforts related to DLT;
- Design and manage Sandboxes.

Main Text/s and any supplementary readings:

Main Texts:

- Willems, E. (2019). Cyberdanger: Understanding and Guarding Against Cybercrime. Springer.
- Karame, G., & Androulaki, E. (2016). Bitcoin and Blockchain Security. Artech House.
- Furneaux, N. (2018). Investigating Cryptocurrencies: Understanding, Extracting, and Analyzing Blockchain Evidence. John Wiley & Sons.
- Parenti, R. (2020). Regulatory Sandboxes and Innovation Hubs for FinTech: Impact on innovation, financial stability and supervisory convergence. Policy Department for Economic, Scientific and Quality of Life Policies, EU Parliament.

Supplementary Readings:

- Stein Smith, S. (2020). Blockchain, Artificial Intelligence and Financial Services.
- Gupta, R. (2018). Hands-On Cybersecurity with Blockchain: Implement DDoS protection, PKI-based identity, 2FA, and DNS security using Blockchain. Packt Publishing.
- Wheeler, E. (2011). Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Syngress.

Depending on their undergraduate experience, students will individually (or in groups) be given selected relevant research papers to read and evaluate. Such material will also include publications and industry-leading standards, especially given that industry practices are evolving rapidly in this new technology. |
| STUDY-UNIT TYPE | Lecture, Independent Study and Project |
| METHOD OF ASSESSMENT |
|
| LECTURER/S | Kogias Dimitrios Deborah Lorraine Gatt Sandro Psaila Ioannis Revolidis |
|
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints. Units not attracting a sufficient number of registrations may be withdrawn without notice. It should be noted that all the information in the description above applies to study-units available during the academic year 2025/6. It may be subject to change in subsequent years. |