Notional Supply Chain Risk Management Practices for Federal Information Systems

Boyens, Jon M.; Paulsen, Celia; Bartol, Nadya; Shankles, Stephany A.; Moorthy, R. Rathina

doi:10.6028/nist.ir.7622

Cited by 24 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…And the integrator aggregates lower-level components into a single entity, which will be passed up to a higher-level in the supply chain. All of these communities of practice require a defined process to properly execute their task [7] [8].…”

Section: A a Process For Secure Acquisitionmentioning

confidence: 99%

“…As shown in Figure 1, suppliers source work from lower-level organizations, integrate that work into a single product and then supply it to a customer at the next level up in the hierarchy [9]. There are ten principles that regulate the performance of the communities of practice in a supply chain, which underwrite a competent and capable supply chain lifecycle process [7]. The ten principles are:…”

Section: A a Process For Secure Acquisitionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Mead

Kohnke

Shoemaker

2020

2020 IEEE 32nd Conference on Software Engineering Education and Training (CSEE&T)

View full text Add to dashboard Cite

The aim of this paper is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. Specifically, software engineering programs typically do not teach how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn't been compromised through the sourcing process. We propose four instructional modules and topics based on established principles that can form the basis of a comprehensive course to address secure sourcing of COTS products.

show abstract

Section: A a Process For Secure Acquisitionmentioning

confidence: 99%

Section: A a Process For Secure Acquisitionmentioning

confidence: 99%

Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Mead

Kohnke

Shoemaker

2020

2020 IEEE 32nd Conference on Software Engineering Education and Training (CSEE&T)

View full text Add to dashboard Cite

show abstract

“…The latest revision (4) provides new additional guidance on applying security control measures to mitigate supply chain risk [6]. It establishes a security control baseline that lists supply chain protections SA-12 (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)(12)(13)(14)(15). The report states that a significant challenge is to determine the most cost-effective, appropriate set of security controls, which if implemented and determined to be effective, would mitigate risk.…”

Section: Current Approachesmentioning

confidence: 99%

Supply chain lifecycle decision analytics

Kao

Lin

Eames

et al. 2014

2014 International Carnahan Conference on Security Technology (ICCST)

View full text Add to dashboard Cite

The globalization of today's supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-theshelf (COTS) and even government-off-the-self (GOTS) products often are designed, developed, and manufactured overseas. Counterfeit items, from individual chips to entire systems, have been found in commercial and government sectors. Supply chain attacks can be initiated at any point during the product or system lifecycle, and can have detrimental effects to mission success. To date, there is a lack of analytics and decision support tools used to analyze supply chain security holistically, and to perform tradeoff analyses to determine how to invest in or deploy possible mitigation options for supply chain security such that the return on investment is optimal with respect to cost, efficiency, and security. This paper discusses the development of a supply chain decision analytics framework that will assist decision makers and stakeholders in performing risk-based cost-benefit prioritization of security investments to manage supply chain risk. Key aspects of our framework include the hierarchical supply chain representation, vulnerability and mitigation modeling, risk assessment and optimization. This work is a part of a long term research effort on supply chain decision analytics for trusted systems and communications research challenge.

show abstract

“…A supply chain (SC) is a collection of different organizations that align their business processes, goals, objectives and some components of their systems to third party organizations, suppliers, consumers and partners (Boyens et al , 2015). A SC consists of all activities from the point of origin to the point of consumption, which are related to the flow and movement of goods, services and related information (Murphy and Wood, 2008).…”

Section: Introductionmentioning

confidence: 99%

Cyber security risks in globalized supply chains: conceptual framework

Pandey

Singh

Gunasekaran³

et al. 2020

JGOSS

View full text Add to dashboard Cite

Purpose The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS. Design/methodology/approach Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view. Findings This paper tries to identify the various cyber security risk and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along-with suitable mitigation strategies. Research limitations/implications The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study. Practical implications This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs. Originality/value The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

show abstract

Notional Supply Chain Risk Management Practices for Federal Information Systems

Cited by 24 publications

References 0 publications

Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Supply chain lifecycle decision analytics

Cyber security risks in globalized supply chains: conceptual framework

Contact Info

Product

Resources

About