Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems

Abstract

Cyber supply chain risk management (CSCRM) is a new discipline designed to help IT executives address the challenges of the rapid globalization and outsourced diffusion of hardware and software systems. CSCRM is an integrative discipline combining elements of cybersecurity, supply chain management, and enterprise risk management into a new and powerful concept to exert strategic control over the end-to-end processes of the focal organization and its extended enterprise partners. This article provides a survey of the field, as well as a detailed analysis of the results of a four-year research project on CSCRM, conducted by the Robert H. Smith School of Business Supply Chain Management Center for the National Institute of Standards and Technology, that focused on the development of organizational assessment tools and a capability/maturity model for this emerging discipline.