Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Managing Cyber and Information Risk un Supply Chain Literature Review 2022

Verified

Added on 2022/10/09

AI Summary

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
Name of the Student
Name of the University
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
Literature Review
According to [14], in the present era, electronic data is considered to be an integral part of
the everyday life for some critical infrastructure. This particular electronic devices are built by
making use of semiconductor integrated circuits. Some of the well-known devices are aircraft
control, automobile anti-lock and power grid. This particular devices can be trusted if the
inserted chips are hidden for malicious circuit. Huawei has come up with the mechanism for
selecting the supplier by using list of 100-cyber security requirements [5]. The list of cyber-
security aims to cover mainly eleven areas like human resource, strategy governance, law and
regulation. At the similar instance, organization need to analyse each section which is needed for
detail requirement. Huawei has come up with list by asking question that are related to buyers
and vendors. The organization aims to assess certain standard and practices which help the buyer
to analyse the capabilities of cyber-security. In addition, Huawei has come up with ISO 28000
standard which is needed for management of supplier. The supplier management is very much
helpful in analysing and controlling the overall security risks. It is merely seen at the time of the
end-to-end process considering the viewpoint of incoming material. Huawei aims to select and
qualifies supplier chain based on the system, product and standards. Huawei aims to monitor and
check the overall quality and efficiency of contractor and supplier [13]. It also checks the
integrity of different materials that are being provided by third party and delivery process.
Huawei aims to evaluate the performance of each point in SCM aims to establish a proper system
by using a supply chain of given products and services.
As stated by [7], Physical supply chains encounters various kind of risk in between the
various stages of chain. In the domain of cyber, supply chain aims to play a key in supply chain.
If any of the cyber-security is supplied by supply chain then it will have different kind of cyber-

3MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
security risk during different stages of supply chain. If anyhow risk is detected right after the
delivery of equipment then it is very much tough to detect that particular step in supply chain.
The attacking technology comprises of different virus which includes software or even hardware.
Trojan can be inserted in any given stage of supply chain which is used for hacking purpose.
NIST Framework is a tool that helps in analysing the risk and aims to create perfect path for risk-
free environment for any given organization. The tool is very much helpful that helps in
analysing the given risk for any organization. It checks and applies certain standard which is
needed for evaluation of risk within the organization [7]. It merely creates a proper layout of
method for risk analysis which is fit as per the standard so that firm can make use of it. By
making use of current standard and present practices in the organization, it can easily analyse
different kind of risk. In addition, it will help in providing proper guidance of path that will help
in mapping risk element. This particular standard is applied to requirement which is for any
industry or sector.
Fig 1: Measure to provide cyber security in Supply chain
(Source: [2] )

4MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
As per [3], there are various kind of attacking technology like including virus in the
hardware and software which are on continuous rise. Some of hardware attacks are
manufacturing backdoors, unauthorised access to memory, tempering of hardware. Most of the
people do not understand the risk involved in manufacturing process. Supply chain industry
needs to implement a list of technologies like intrusion detection and securing workforce. If one
of the component is found to be faulty in the network, then a proper network is required for
building the send data outside the network. So, as a result data send outside the network does not
help too much. Most of the organisation aims to get component from contractors prior to the
assembly. This is mainly done so that customer does not find who has built that particular part of
the device. O-TTPS has been generally taken into account by ISO body. This particular tool aims
to address different kind of risk which are completely related to third-party providers, vendors
and integrity of product in organization [8]. O-TTPS aims to provide a set of prediction need and
proper recommendation which needs to be followed in the whole lifecycle of product. In china,
there is a law named as Chinese counter-terrorism law (CTL) that aims to outline certain law for
both telecomm firms for cooperation and support. As per this law, Internet service providers are
required to be implement by making use of content monitoring system. In addition, there is
adaptation of certain security steps which has different information about terrorist and anti-
national content.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
Fig 2: Risk Management in Supply chain
(Source : [7])
With reference to [10], supply chain management is not only about the delivery of
various product and services within deadline. Instead of that it is the delivery of different product
and services in the given time. In other words, it is the delivery of various products and services
that are completely free from risk. By making use of risk-free and proper product lifecycle is
provided which assures the different kind of security risk for product and related services. Global
community and world-wide firms need to take certain step for reaching towards the agreement. It
is completely based on laws, best practices and certain protocols. It is mainly done so that trust

6MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
can be build and validated. Cyber-security risk can be defined as any kind of abnormal activity
which can act like malicious behaviour by different actors or even products and service. All of
these can be used for a different purpose [1]. Only IT security is considered to be sufficient for
the important information until and unless the supply chain makes use of cyber-security based
practices. Centre of protection of national infrastructure (CPNI) aims to implement a proper risk
management plan which is inclusive of comprehensive mapping. The mapping is done for both
upstream and downstream of the product. It merely plays a key role in analysing the risk score
for the existing security risk assessment.

7MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
Methodology
Introduction
Research methodology helps us understanding the most suitable option which is needed
for attaining complete and detail result. There are various theories and concept which are being
used in research methodology which helps in deeper and much better analysis of any research
topic [2]. The research methodology helps us in understanding the particular procedure which is
being used for analysing cyber and information risk in the domain of supply chain. The detail
steps of research methodology can also result in limiting the overall research approach. In this
research of cyber-security risk in supply chain, the researcher has applied it incomplete process.
Outline of the Method:
In this section, proper research technique is being used for carrying out analysing on
cyber and information risk in supply chain industry. The chosen philosophy of research is
positivism which is needed for collecting information based on proper logic and evaluation. In
addition, deductive approach will help the researcher for conducting study based on different
data sources analysing the cyber risks [6]. Descriptive design is needed by researcher for
analysing the overall impact of study. Only secondary data sources will be used for analysing the
impact of the overall study which will provide much better quality analysis.
Research Onion
This is tool of methodology that is needed for listing the main division of research. It has
the successful ability to analysing the overall topic. [1], has defined as a helpful tool which is
used by student for conducting research in right way. It is used in each step of the technique that
helps in deriving proper results [8]. It is sub-divided into six major steps that is philosophies,

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

8MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
approaches, strategies, choice, techniques and process. Research onion is very much helpful in
conducting research technique which is very much helpful in having better information about
result. It is the duty of researcher to each step of the research onion which is a structure
procedure for adaptation.
Research Philosophy
In this section, there is application of proper research philosophy which is needed for
analysing of each and every step of research topic. () helpful in explaining the process which is
completely undertaken by researcher for doing research on any topic. Positivism is nothing but
philosophy which helps in application of proper logic for analysis of some hidden facts. It is
completely dominated by use of scientific methods which needed for needed for observation and
collection of knowledge [12]. Interpretivism is a mode which helps in gaining concept about
some of the complex structure involved in social media business and related activities. Realism
is defined as an approach which is a mixture of positivism and interpretative that need
characteristic of both philosophies. Realism is the application of human belief that helps in
analysing the overall interaction of human with realities.
Justification of chosen Philosophy
At present, positivism is being applied so that there can be much better analysis of some
of the hidden matters and details related to cyber-security policy. The overall nature of study is
completely limited to realism study that has discarded the choice of study [16]. The overall
selection of positivism is being applied to research role which is needed for manipulation and
data evaluation that leads to data errors.
Research approach

9MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
It is an approach for study the format which is needed for proper format and conducting
the study. A given research topic is mainly done in two ways that are deductive or inductive. In
case of inductive, a study is needed for analysing the research topic when enough data is not
available. The beginning stage of inductive approach helps in gaining the required information
which builds a proper path for research [6]. On the contrary, the deductive approach is when the
process highlights the use of different theories for gaining access to content. This particular
approach aims to build a proper theory which has certain specification and idea of data analysis.
Based on the nature of study and topic of research, suitable method of research approach is
required for analysis of topic.
Justification of selected approach
In this study, deductive study approach is being chosen which is related to cyber and
information risk by making use of different theoretical concept and knowledge [2]. Cyber-
security framework and models are required to be analysed so that there can be better
understanding.
Design of research
The research design help in analysing the overall framework for this research topic that
helps in selection and analysis of particular pattern. At the time of data collection, a particular
kind of approach is needed for having much better description of research design [9]. There are
mainly three kind of research design in academic that is exploratory, descriptive and explanatory.
Exploratory design is very much help for research in having different kind of ideas and
thoughts which is essential for completing the research paper. Explanatory design help is
analysing the occurrence of particular incident or event. As a result of cause and effect
relationship, all details of the research comes to a limitation [4]. Descriptive approach helps in

10MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
gaining all the required details for occurrence state along with details and complete description
of topic.
Justification of selected research design
As the explanatory is avoided as it aims to completely support the longitude for study
which is not limited to this particular topic [10]. In addition, descriptive design helps in defining
the overall process of application of cyber-security management for supply chain management.
Process of Data Collection
Data is considered to be very much useful as the information is helpful in study of the
research topic with better analysis data [16]. The collected data is helpful in having the right
information for the research process which helps in standardization of format of research.
Source of Data: Secondary
Source data is very much helpful in analysing the penetration for research topic which
helps in having the right information as per requirements. Only secondary data is being used
from different journal article is found to be useful for the research. There are many tools of
available for secondary data collection that is books, website, article and blogs.
Data Techniques: Quantitative
Qualitative data is being used for recording different form of data which helps in
describing the topic in much better way. Qualitative data is very much helpful in the practical
domain which helps in much better understanding of topic.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

11MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
References
[1] O., Akinrolabu, S. New, and A., Martin. Cyber supply chain risks in cloud computing–
bridging the risk assessment gap. Open Journal of Cloud Computing, 5(1) , 2017.
[2] C., Alberts, J., Haller, C. Wallen, and C., Woody. Assessing DoD System Acquisition Supply
Chain Risk Management. CrossTalk, 30(3), pp.4-8, 2017.
[3] A., Boiko, V. Shendryk, and O., Boiko. Information systems for supply chain management:
uncertainties, risks and cyber security. Procedia Computer Science, 149, pp.65-70, 2019.
[4]H., Boyes. Cybersecurity and cyber-resilient supply chains. Technology Innovation
Management Review, 5(4), p.28, 2015.
[5]P., Braund. Platform Requirements to Support Cyber Supply Chain Risk Management
(CSCRM) An Up-Stream Approach, 2016.
[6] Z.A., Collier, M.L., Hassler, J.H., Lambert, D. DiMase, and I., Linkov. Supply Chains.
In Cyber Resilience of Systems and Networks (pp. 447-462). Springer, Cham, 2019.
[7] A., Duzha, P. Gouvas, and M., Canepa. MITIGATE: An Innovative Cyber-Security Maritime
Supply Chain Risk Management System. In ITASEC (pp. 248-252) , 2017.
[8] D.A.S. Estay, and O., Khan. Control structures in supply chains as a way to manage
unpredictable cyber-risks. In 5th World Production and Operations Management Conference,
2016.
[9] P., Radanliev, D.C., De Roure, C., Maple, J.R., Nurse, R. Nicolescu, and U., Ani. Cyber Risk
in IoT Systems, 2019.
[10] P., Radanliev D.C., De Roure, J.R., Nurse, P., Burnap, E., Anthi, U., Ani, L.T., Maddox, O.
Santos, and R.M., Montalvo. Definition of Internet of Things (IoT) Cyber Risk Discussion on a

12MANAGING CYBER AND INFORMATION RISK IN SUPPLY CHAIN
Transformation Roadmap for Standardisation of Regulations Risk Maturity Strategy Design and
Impact Assessment. arXiv preprint arXiv:1903.12084, 2019.
[11] P., Radanliev, D.C., De Roure, J.R.,Nurse, P., Burnap, E., Anthi, A., Uchenna, O. Santos,
and R.M., Montalvo. Cyber Risk Management for the Internet of Things, 2019.
[12] S., Schauer, M., Stamer, C., Bosse, M., Pavlidis, H., Mouratidis, S. König, and S.,
Papastergiou. An adaptive supply chain cyber risk management methodology, 2017.
[13] F., Sheldon, R Abercrombie, and X., Cui. Introduction to Supply Chain Security and Mutual
Trust Research Minitrack, 2017.
[14] B., Turnbull. Cyber-resilient supply chains: Mission assurance in the future operating
environment. Australian Army Journal, 14(2), p.41, 2018.
[15] L.,Urciuoli. Cyber-resilience: a strategic approach for supply chain
management. Technology Innovation Management Review, 5(4) , 2015.
[16] D.A.S. Estay, and O., Khan. Extending supply chain risk and resilience frameworks to
manage cyber risk. In 22nd EurOMA Conference: Operations Management for Sustainable
Competitiveness, 2015.

1 out of 12

+13062052269

info@desklib.com

Managing Cyber and Information Risk un Supply Chain Literature Review 2022

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Security Plan and Training Program Assignment 2022

Information Systems and IT Solution: Design and Development, Globalization, Digital Infrastructure, and Risks of Outsourcing

Leading and Managing Projects

Woolworths Group's Operating and Financial Performance during COVID-19