Cyber supply chain security practices DNA - Filling in the puzzle using a diverse set of disciplines

Technovation

Volumn 34, Issue 7, 2014, Pages 354-361

  Bartol, Nadya ^a  

^a Utilities Telecom Council   (United States)

Author keywords

Cyber supply chain; Cyber Supply Chain Risk Management; ICT supply chain; ICT Supply Chain Risk Management; ISO IEC 27036; Multidisciplinary; Supply chain

Indexed keywords

RISK MANAGEMENT; SECURITY OF DATA; SOFTWARE ENGINEERING; STANDARDS;

ISO/IEC; MULTIDISCIPLINARY; PROCESS IMPROVEMENT; PROFESSIONAL COMMUNITY; SUBJECT MATTERS; SUPPLY CHAIN RISK MANAGEMENT; SUPPLY CHAIN SECURITY; SUPPLY CHAIN STANDARDS;

SUPPLY CHAINS;

EID: 84901721702     PISSN: 01664972     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.technovation.2014.01.005     Document Type: Article

References (22)

1. Bartol, 2011. ISO/IEC 27306 - summary and update. In: Presented at Software Assurance (SwA) Working Groups Meeting, November 2011.
2. Bartol, 2012. ISO cyber security and ICT SCRM standards. In: Annual Computer Security Applications Conference (ACSAC), December 2012.
3. Committee for National Security Systems Instruction (CNSSI) 4009, 2010. National Information Assurance Glossary, 26 April 2010.
4. European Network and Information Security Agency, 2009. Priorities for Research on Current and Emerging Network Technologies.
5. George Mason University, Center for Infrastructure Protection and Homeland Security, August 2012. CIP Report, vol. 11, number 2.
6. Government Accountability Office, March 2012. IT Supply Chain: National Security-Related Agencies Need to Better Address Risks, GAO-12-361.
7. ISO, 2010. International Standards and "Private Standards", February 2010.
8. ISO/IEC 12207:2008. System and Software Engineering - Software Lifecycle Processes.
9. ISO/IEC 15288:2008. System and Software Engineering - System Lifecycle Processes.
10. ISO/IEC 27036-3:2013. Information Technology - IT Security Techniques - Information Security for Supplier Relationships - Part 3: Guidelines for Information and Communication Technology Supply Chain Security.
11. Mahone, 2012. Bruce Mahone, SAE International. Counterfeit Avoidance: SAE International Standards-Current and under Development, Briefing, August 2012.
12. NIST SP 800-37, Revision 1, February 2010. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
13. NIST SP 800-39, March 2011. Managing Information Security Risk: Organization, Mission, and Information System View.
14. NIST SP 800-53, Revision 4, April 2013. Security and Privacy Controls for Federal Information Systems and Organizations.
15. NIST SP 800-161, August 2013. Supply Chain Risk Management Practices for Federal Information Systems and Organizations (Draft).
16. National Defense Industrial Association (NDIA), 2008. Guidebook on Engineering for Systems Assurance, Version 1.
17. National Institute of Standards and Technology Interagency Report (NISTIR) 7622, October 2012. Notional Supply Chain Risk Management Practices for Federal Information Systems.
18. Office of the Under Secretary of Defense for Acquisitions and Technology, 1999. Final Report of the Defense Science Board Task Force on Globalization and Security, December 1999.
19. SAFECode, 2009. Framework for Software Supply Chain Integrity, July 21, 2009 http://www.safecode.org/publications/SAFECode-Supply-Chain0709.pdfa.
20. SAFECode, 2010. Software Integrity Controls, an Assurance-Based Approach to Minimizing Risks in the Software Supply Chain. June 14, 2010 http://www.safecode.org/publications/SAFECode-Software-Integrity-Controls0610. pdfa.
21. The Open Group, 2012. Open Trusted Technology Provider Standard (O-TTPS): Mitigating Tainted and Counterfeit Products.
22. University of Maryland, 2012. The ICT SCRM Community Framework Development Project, Final Report.