Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems

Technovation

Volumn 34, Issue 7, 2014, Pages 342-353

  Boyson, Sandor ^a  

^a UNIVERSITY OF MARYLAND   (United States)

Author keywords

Cybersecurity; Risk management; Supply chain management

Indexed keywords

INDUSTRY; SUPPLY CHAIN MANAGEMENT;

CYBER SECURITY; END-TO-END PROCESS; ENTERPRISE RISK MANAGEMENT; EXTENDED ENTERPRISE; HARDWARE AND SOFTWARE; NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY; ORGANIZATIONAL ASSESSMENT; SUPPLY CHAIN RISK MANAGEMENT;

RISK MANAGEMENT;

EID: 84901751938     PISSN: 01664972     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.technovation.2014.02.001     Document Type: Article

References (41)

1. Askville, http://askville.amazon.com/word-cyber-older-modern-meaning/ AnswerViewer.do?requestId=4086267(accessed August 12, 2013).
2. Booz Allen Hamilton, 2009. Milestones of Cyber Security. (November) http://www.boozallen.com/media/file/milestones-of-cyber-security.pdfa.
3. Borg, S., 2010. Securing the Supply Chain for Electronic Equipment: A Strategy and Framework. Internet Security Alliance. http://www.whitehouse.gov/ files/documents/cyber/ISA-Securing the Supply Chain for Electronic Equipment.pdfa. (last accessed November 9, 2013).
4. S. Boyson, T. Corsi, M. Dresner, and L. Harrington Logistics and the Extended Enterprise 1999 John Wiley Inc./R.H. Smith School of Business Hoboken, NJ
5. Boyson, S., Corsi, T., Rossman, H., 2009. Building a Cyber Supply Chain Assurance Reference Model. (June) www.saic.com/news/resources/Cyber-Supply- Chain.pdf (last accessed November 9, 2013).
6. S. Boyson, T. Corsi, H. Rossman, and M. Dorin Assessing SCRM Capabilities and Perspectives of the IT Vendor Community: Toward a Cyber Supply Chain Code of Practice 2011 University of Maryland Robert H. Smith School of Business and National Institute of Standards and Technology http://csrc.nist.gov/scrm/ documents/umd-cyber-scrm-report.pdf(last accessed November 8, 2013)
7. E. Cole, and S. Ring Insider Threat: Protecting the Enterprise from Spying, Espionage, and Theft 2005 Syngress Press Amsterdam
8. CSCMP (Council of Supply Chain Management Professionals). http://cscmp.org/about-us/supply-chain-management-definitionsa.
9. Domenici, H., Bari, A., 2012. The Price of Cybersecurity: Big Investments, Small Improvements. Bloomberg Government. (January 31) www.bgov.com.
10. Deloitte Touche Tohmatsu, 2005. The Challenge of Complexity in Global Manufacturing: Trends in Supply Chain Management.
11. DHS, 2012. U.S. Department of Homeland Security, National Protection and Programs Directorate. Cybersecurity Insurance Workshop Readout Report. (November) p.8.
12. Ellison, R., Goodenough, J., Weinstock, C., Woody, C., 2010. Evaluating and Mitigating Software Supply Chain Security Risks. (May) http://www.sei.cmu. edu/library/abstracts/reports/10tn016.cfm(last accessed November 9, 2013).
13. R. Germain, C. Claycomb, and C. Dröge Supply chain variability, organizational structure & performance: the moderating effect of demand unpredictability J. Oper. Manage. 26 5 2008 557 570
14. Goertzel, K., 2010. Supply chain risk management and the software supply chain. In: Presentation at OWASP AppSec DC Conference. (November) https://www.owasp.org/images/7/77/BoozAllen-AppSecDC2010-sw-scrm.pdf(last accessed November 10, 2013).
15. L. Harrington, S. Boyson, and T. Corsi X-SCM: The New Science of X-treme Supply Chain Management 2010 Routledge Press New York
16. Heywood, G., 2006. PricewaterhouseCoopers, Personal Interview (September).
17. Howard, L., 2013. Feds: Counterfeit Submarine Parts Shipped to Groton. The Day, New London, CT, July 16. http://theday.com/article/20130716/NWS09/ 130719772/1017a.
18. InfoSecurity Europe, 2010. Dell PowerEdge Servers Shipping with Onboard Malware? (July 22) http://www.infosecurity-magazine.com/view/11143/dell- poweredge-servers-shipping-with-onboard-malware-/(last accessed November 8, 2013).
19. Institute of Medicine, 2009. Initial National Priorities for Comparative Effectiveness Research, Report Brief (June) p.1, http://www.hrsonline.org/ Policy/LegislationTakeAction/upload/CER-report-brief-6-22-09.pdf(accessed February 27, 2012).
20. Kunert, P., 2011. Leader of CISCO Counterfeit Ring Jailed for 60 Months. The A Channel. (September 12) http://www.channelregister.co.uk/2011/09/12/cisco- counterfeit-ring(last accessed Nov. 8, 2013).
21. Manufacturing.net, 2012. History of Supply Chain Management. http://www.manufacturing.net/articles/2012/05/history-of-logistics-and-supply- chain-managementa.
22. McMillan, R. 2007. Seagate Ships Virus-laden Hard Drives. (November 13). http://www.pcworld.com/article/139576/article.html(last accessed November 10, 2013).
23. McMillan, R., 2010. Woman Helped Sell Fake Chips to U.S. Military. PCWorld. (November 23) http://www.pcworld.com/article/211428/article.htmla.
24. National Public Radio, 2011. China's Cyber Threat a High-Stakes Spy Game. (November 27) http://www.npr.org/2011/11/27/142828055/chinas-cyber-threat-a- high-stakes-spy-game(last accessed November 8, 2013).
25. NSS Labs, 2013. Invitation to "Securing the Future" Summit (December).
26. NIST, 2013. Discussion Draft of the Preliminary Cybersecurity Framework. National Institute of Security and Technology. (August 28) http://www.nist.gov/ itl/upload/discussion-draft-preliminary-cybersecurity-framework-082813.pdf(last accessed December 8, 2013).
27. Oltsik, J., Gahm, J., McKnight, J., 2010. Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure. (November 28) http://www.enterprisestrategygroup.com/2010/11/cyber-supply-chain-security- research-report/a. (last accessed November 10, 2013).
28. Open Group, 2011. U.S. Resilience Project. Cyber Supply Chain Risks, Strategies, and Best Practices, Chapter 4 http://www.usresilienceproject.org/ workshop/participants/pdfs/USRP-Resources-Chapter-4-022812.pdf(last accessed November 10, 2013).
29. PCAST, 2013. Immediate Opportunities for Strengthening the Nation's Cybersecurity. President's Council of Advisors on Science and Technology. (November) http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/ pcast-cybersecurity-nov-2013.pdfa.
30. PRTM, 2006. SCOR Metrics Powerpoint Presentation. (September).
31. M. Ramage Norbert and Gregory Inf. Commun. Soc. 12 5 2009 735 749
32. R. H. Smith School of Business The ICT SCRM Community Framework Development Project. Robert H. Smith School of Business Supply Chain Management Center 2012 University of Maryland; and National Institute of Security and Technology (NIST) http://csrc.nist.gov/scrm/documents/umd-ict-scrm-initiatives- report2-1. pdfa
33. SCRLC, 2013. Supply Chain Risk Management Maturity Model. Supply Chain Risk Leadership Council. (May) http://www.scrlc.com(last accessed November 8, 2013).
34. SEC, 2012. Author Interviews with Securities and Exchange Commission Staff (March, 2012).
35. Simpson, S.,(Ed.), 2010. Software Integrity Controls: An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain. Software Assurance Forum for Excellence in Code. (June 14) http://www.safecode.org/publications/ SAFECode-Software-Integrity-Controls0610.pdf(last accessed November 10, 2013).
36. Storch, T., 2011. Toward a Trusted Supply Chain: A Risk-Based Approach to Managing Software Integrity. Microsoft Corp. (July 26) http://www.microsoft. com/download/en/details.aspx?id=26828(last accessed November 10, 2013).
37. Symantec, 2013a. 2013 Internet Security Threat Report, vol. 18. http://www.symantec.com/security-response/publications/threatreport.jspa.
38. Symantec, 2013b. Symantec Internet Security Threat Report Reveals Increase in Cyberespionage - Including Threefold Increase in Small Business Attacks. News Release, April 16. http://www.symantec.com/about/news/release/ article.jsp?prid=20130415-01(last accessed November 8, 2013).
39. Treadway Commission, 2004. Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Framework Executive Summary, p.2. www.coso.org/documents/coso-erm-executivesummary.pdfa.
40. WhatIs.com. TechTarget. http://whatis.techtarget.com/definition/ cybersecuritya.
41. PwC, 2012. Cyber Security M&A: Decoding deals in the global Cyber Security industry. (November) http://www.pwc.com/gx/en/aerospace-defence/ publications/cyber-security-mergers-and-acquisitions.jhtml(last accessed November 8, 2013).