Thesis etd-08282024-111145
Thesis type
Master's thesis
Author
PACITTO, MIRCO
URN
etd-08282024-111145
Title
Exploiting Smart Contract To Manage A Cybersecurity Questionnaire For The Value Chain: Ensuring Legal Compliance With European Directives On Cybersecurity And Due Diligence.
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Prof. Ricci, Laura Emilia Maria
supervisor Prof. Casarosa, Federica
supervisor Prof. Chessa, Stefano
Keywords
- blockchain
- csddd
- cybersecurity
- cybersecurity measure
- due diligence
- EU directive
- framework
- gdpr
- human rights
- hyperledger Besu
- nis
- nis2
- nist
- nist cybersecurity framework 2.0
- privacy
- questionnaire
- smart contract
- solidity
- suppliers
- supply chain
- value chain
Exam session start date
07/10/2024
Availability
Not available for consultation
Release date
07/10/2094
Abstract
In recent years, especially in Europe, there has been a growing awareness of the importance of cybersecurity within the value chain. These two topics have been at the centre of important regulatory developments, which have raised their strategic importance for companies, regardless of the economic sector in which they operate and their size.
The aim of this Thesis is to create an effective, versatile and easy-to-use tool that meets the control requirements imposed by the Corporate Sustainability Due Diligence (CSDD) and Network and Information Security 2 (NIS 2) Directives. In practice, the objective is twofold:
1) create a questionnaire containing the questions necessary to carry out in-depth checks on generic IT suppliers;
2) create a smart contract that allows questionnaires to be managed and filled in effectively.
In this way, not only would companies have a tool to perform checks on their suppliers, but the suppliers themselves would also have a point of reference to bring their cybersecurity measures up to a common high standard. With increasing interconnections between companies and suppliers, the supply chain is not only a network of suppliers and sub-suppliers providing materials and services, but also a potential target for cyber attacks that can have significant repercussions on all parties involved. For this reason, suppliers that do not take adequate cybersecurity measures will soon be cut off from the market. Indeed, attacks on the supply chain can have significant impacts, for example loss of sensitive data (critical information may be exposed, causing reputational and financial damage), interruption of operations (attacks can disrupt operations, causing delays and financial losses) and responses and sanctions (companies may face regulatory sanctions and compensation for privacy and data breaches).
File
File name | Size |
---|---|
Thesis not available for consultation. |