Managing IT and Cyber Risks in Supply Chains

Gaudenzi, Barbara; Siciliano, Giorgia Giusi

doi:10.1007/978-981-10-4106-8_5

Cited by 15 publications

(5 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1. Compliance: In the context of supply chain cyber risk management, risk compliance can be understood as to identifying and conforming to the legislation affecting this area, as well as to the standards that must be met [4].…”

Section: A Research Themesmentioning

confidence: 99%

“…This proposed dynamic approach positions all the identified themes in a sort of timeline, position related to to how each element interacts in time, both 1) with the prevention of, response to, and recovery from cyber risk events, as well as with their 2) short, medium or longterm effects. As a result, the main elements from section III are represented on a timeline as shown in Fig 3. The order of the elements shown in the timeline is derived from literature, as it has been argued that Compliance can be regarded as the precedent for the management of cyber risks, where the risks and security standards to conform to exert influence into the risk assessment process [4], which forms part of Situational Awareness. Good situation awareness in the context of supply chain resilience leads to the understanding of the vulnerabilities of the supply chain and the planning for risk events, allowing for the elaboration of early warning strategies or continuity planning and the identification of supporting elements needed for them, like information sharing, coordination, and the availability of knowledge [7].…”

Section: A Description Of the Frameworkmentioning

confidence: 99%

“…Governance, on the other hand, feeds on the outcomes from compliance and situation awareness [4], defining how IT-related decisions should be made across the organization and the supply chain to manage cyber risks.…”

Section: A Description Of the Frameworkmentioning

confidence: 99%

“…However, supply chain cyber risk management is a relatively novel field with only few frameworks available that have been specifically adapted and/or validated for the management of this kind of risks in the supply chain [3], [4].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

An Impact-wave Analogy for Managing Cyber Risks in Supply Chains

Guerra

Estay

2018

2018 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM)

View full text Add to dashboard Cite

 Users may download and print one copy of any publication from the public portal for the purpose of private study or research.  You may not further distribute the material or use it for any profit-making activity or commercial gain  You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Section: A Research Themesmentioning

confidence: 99%

Section: A Description Of the Frameworkmentioning

confidence: 99%

Section: A Description Of the Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Impact-wave Analogy for Managing Cyber Risks in Supply Chains

Guerra

Estay

2018

2018 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM)

View full text Add to dashboard Cite

show abstract

“…As a result of the use of advanced information and communication technology, especially the danger that comes from communicating through the Internet, various forms of cyber threats have also increased. The severity and complexity of these attacks have serious business consequences [3], [4], [5], [6], [7].…”

Section: Introductionmentioning

confidence: 99%

Application of an Analytic Hierarchy Process to Select the Level of a Cyber Resilient Capability Maturity Model in Digital Supply Chain Systems

2021

View full text Add to dashboard Cite

Cyber resilient is the ability to prepare for, respond to and recover from cyber attacks. Cyber resilient has emerged over the past few years because traditional cybersecurity measures are no longer enough to protect organizations from the spate of persistent attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.The cyber resilient capability maturity model is a very important element within an effective in digital supply chain. The maturity model has 6 components: identify, protect, detect, respond, recover and continuity which affect the cybersecurity of the organization. To measure the maturity level needs a holistic approach. Therefore, the analytic hierarchy process (AHP) approach which allows both multi-criteria and simultaneous evaluation. Generally, the factors affecting cyber resilient in digital supply chain have non-physical structures. Therefore, the real problem can be represented in a better way by using fuzzy numbers instead of numbers to evaluate these factors. In this study, a fuzzy AHP approach is proposed to determine the cyber resilient capability maturity level in digital supply chain. The proposed method is applied in a real SMEs company. In the application, factors causing are weighted with triangular fuzzy numbers in pairwise comparisons. The result indicate that the weight factors from comparing the relationship of all factors put the importance of identify factors first, followed by protect, detect, respond, recover and continuity respectively.

show abstract