A critical balance: collaboration and security in the IT-enabled supply chain

Integration of information flows facilitated by advances in information technology (IT) has increased collaboration across supply chains. However, benefits of interconnectivity are not gained without risk, as IT has removed protective barriers around assets and processes. Thus, supply chains are better able to satisfy customer needs yet are potentially more vulnerable to disruption due to an array of IT-specific threats. Highly interconnected supply chains would appear to be especially prone to these hazards. Although supply chain risk and information technology risk have been studied in isolation, little has been done to define the impact of information security on supply chain management. This exploratory investigation addresses this deficiency in the literature by defining information security risk in the context of supply chain management. It identifies, categorizes, and validates information technology threats as sources of risk in the supply chain. It then establishes a conceptual framework for further study into supply chain information security risk. Finally, it discusses the implications of information security risk in the supply chain. It is suggested that supply chain risk is affected by IT threats and therefore the benefits of collaboration facilitated by IT integration must exceed the increase in risk due to IT security threats.
