Printed from https://ideas.repec.org/a/eee/ijocip/v12y2016icp4-11.html

Objectives for managing cyber supply chain risk

Author

Listed:
  • Windelberg, Marjorie

Abstract

Cyber-based products and services are acquired through supply chains that typically involve numerous suppliers of hardware, firmware and software components and services sourced globally. When acquisition objectives and their concomitant requirements are not rigorously defined and managed, the cyber-based products and services can pose operational risks to end user organizations and possibly to society if security, reliability and/or safety are compromised, especially in critical infrastructure sectors. However, there is some disagreement about the fundamental objectives of cyber supply chain risk management. Objectives such as trustworthiness, integrity, security and reliability are often noted as key, while safety and other objectives are often omitted. Divergent guidance further compounds the difficulties encountered by an acquiring organization in writing meaningful requirements or policies for managing supply chain risk – whether from products and services, or to the operation of the supply chain, or to sensitive supply chain information. This paper recommends a set of objectives for cyber supply chain risk management and examines the connotations of each objective with the intent to improve risk coverage. It then examines the tradeoffs among the various objectives that acquirers and suppliers make and the trust assumptions that can result in risk exposure. Awareness of the tradeoffs and the degree to which organizations value one objective over another helps clarify their risk tolerance or risk appetite and enables them to apply appropriate management controls.

Suggested Citation

  • Windelberg, Marjorie, 2016. "Objectives for managing cyber supply chain risk," International Journal of Critical Infrastructure Protection, Elsevier, vol. 12(C), pages 4-11.
  • Handle: RePEc:eee:ijocip:v:12:y:2016:i:c:p:4-11
    DOI: 10.1016/j.ijcip.2015.11.003

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548215000785
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. Piètre-Cambacédès, Ludovic & Chaudet, Claude, 2010. "The SEMA referential framework: Avoiding ambiguities in the terms “security” and “safety”," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(2), pages 55-66.
    2. Terje Aven, 2011. "On Some Recent Definitions and Analysis Frameworks for Risk, Vulnerability, and Resilience," Risk Analysis, John Wiley & Sons, vol. 31(4), pages 515-522, April.
    3. Yossi Sheffi, 2005. "The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262693496, December.
    4. Piètre-Cambacédès, L. & Bouissou, M., 2013. "Cross-fertilization between safety and security engineering," Reliability Engineering and System Safety, Elsevier, vol. 110(C), pages 110-126.

    Citations


    Cited by:

    1. Jamieson Gump & Thomas Mazzuchi & Shahram Sarkani, 2017. "An Architecture for Agile Systems Engineering of Secure Commercial Off‐the‐Shelf Mobile Communications," Systems Engineering, John Wiley & Sons, vol. 20(1), pages 71-91, January.
    2. Niloofar Etemadi & Pieter Van Gelder & Fernanda Strozzi, 2021. "An ISM Modeling of Barriers for Blockchain/Distributed Ledger Technology Adoption in Supply Chains towards Cybersecurity," Sustainability, MDPI, vol. 13(9), pages 1-28, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zio, E., 2018. "The future of risk assessment," Reliability Engineering and System Safety, Elsevier, vol. 177(C), pages 176-190.
    2. Armando López‐Cuevas & José Ramírez‐Márquez & Gildardo Sanchez‐Ante & Kash Barker, 2017. "A Community Perspective on Resilience Analytics: A Visual Analysis of Community Mood," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1566-1579, August.
    3. Aziz Barhmi & Omar Hajaji, 2023. "Multidisciplinary Approach to Supply Chain Resilience: Conceptualization and Scale Development," Central European Business Review, Prague University of Economics and Business, vol. 2023(5), pages 43-69.
    4. Xiang Li, 2017. "Optimal procurement strategies from suppliers with random yield and all-or-nothing risks," Annals of Operations Research, Springer, vol. 257(1), pages 167-181, October.
    5. Xiaobing Yu & Hong Chen & Chenliang Li, 2019. "Evaluate Typhoon Disasters in 21st Century Maritime Silk Road by Super-Efficiency DEA," IJERPH, MDPI, vol. 16(9), pages 1-10, May.
    6. Tang, Liang & Jing, Ke & He, Jie & Stanley, H. Eugene, 2016. "Robustness of assembly supply chain networks by considering risk propagation and cascading failure," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 459(C), pages 129-139.
    7. Monika Winn & Manfred Kirchgeorg & Andrew Griffiths & Martina K. Linnenluecke & Elmar Günther, 2011. "Impacts from climate change on organizations: a conceptual foundation," Business Strategy and the Environment, Wiley Blackwell, vol. 20(3), pages 157-173, March.
    8. Sulfikar Amir & Vivek Kant, 2018. "Sociotechnical Resilience: A Preliminary Concept," Risk Analysis, John Wiley & Sons, vol. 38(1), pages 8-16, January.
    9. Yang, Bofan & Zhang, Lin & Zhang, Bo & Xiang, Yang & An, Lei & Wang, Wenfeng, 2022. "Complex equipment system resilience: Composition, measurement and element analysis," Reliability Engineering and System Safety, Elsevier, vol. 228(C).
    10. Laura Colautti & Alice Cancer & Sara Magenes & Alessandro Antonietti & Paola Iannello, 2022. "Risk-Perception Change Associated with COVID-19 Vaccine’s Side Effects: The Role of Individual Differences," IJERPH, MDPI, vol. 19(3), pages 1-14, January.
    11. Zeng, Zhiguo & Fang, Yi-Ping & Zhai, Qingqing & Du, Shijia, 2021. "A Markov reward process-based framework for resilience analysis of multistate energy systems under the threat of extreme events," Reliability Engineering and System Safety, Elsevier, vol. 209(C).
    12. Hiba Baroud & Jose E. Ramirez‐Marquez & Kash Barker & Claudio M. Rocco, 2014. "Stochastic Measures of Network Resilience: Applications to Waterway Commodity Flows," Risk Analysis, John Wiley & Sons, vol. 34(7), pages 1317-1335, July.
    13. Sulu Zhu & Pengqun Gao & Zhen Tang & Ming Tian, 2022. "The Research Venation Analysis and Future Prospects of Organizational Slack," Sustainability, MDPI, vol. 14(19), pages 1-23, October.
    14. Andres F. Jola-Sanchez & Juan Camilo Serpa, 2021. "Inventory in Times of War," Management Science, INFORMS, vol. 67(10), pages 6457-6479, October.
    15. Evgeny Lisin & Wadim Strielkowski & Veronika Chernova & Alena Fomina, 2018. "Assessment of the Territorial Energy Security in the Context of Energy Systems Integration," Energies, MDPI, vol. 11(12), pages 1-14, November.
    16. Wang, Wei & Cammi, Antonio & Di Maio, Francesco & Lorenzi, Stefano & Zio, Enrico, 2018. "A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants," Reliability Engineering and System Safety, Elsevier, vol. 175(C), pages 24-37.
    17. Hangsheng Yang & Min Tang & Ju Huang, 2023. "Can Female Executives Enhance Organizational Resilience? Evidence from China during the COVID-19 Pandemic," Sustainability, MDPI, vol. 15(18), pages 1-17, September.
    18. Kevin B. Hendricks & Manpreet Hora & Vinod R. Singhal, 2015. "An Empirical Investigation on the Appointments of Supply Chain and Operations Management Executives," Management Science, INFORMS, vol. 61(7), pages 1562-1583, July.
    19. Bernhard Fietz & Julia Hillmann & Edeltraud Guenther, 2021. "Cultural Effects on Organizational Resilience: Evidence from the NAFTA Region," Schmalenbach Journal of Business Research, Springer, vol. 73(1), pages 5-46, March.
    20. Chiara Franzoni & Paula Stephan & Reinhilde Veugelers, 2022. "Funding Risky Research," Entrepreneurship and Innovation Policy and the Economy, University of Chicago Press, vol. 1(1), pages 103-133.
