SUNConferences, Computers and Industrial Engineering 42

Management of Information Security in Supply Chains - A Process Framework
Arup Roy, Anirban Kundu

Last modified: 2012-06-27

Abstract


Information in an organization and the associated processes, systems and networks are important business assets which need to be protected to maintain confidentiality, integrity and availability. Information security is important for the management of business risk, enabling organizations to mitigate vulnerabilities in order to reduce the threat to both reputation and business. Though work has been done on defining techniques to control information security related risks in supply chains, there is a need to define a formal mechanism to assure management of these risks across the supply chain. This paper discusses some issues pertaining to information security in supply chains as brought out by various researchers and then proposes a Process Framework for the management of information security. The proposed framework should identify potential risks and possible risk management controls for different areas (Physical security, Human Resource security, Technological security), and evolve performance metrics and an audit process to evaluate the effectiveness of the applied controls. It is expected that the framework will help supply chain managers collaborate with information security and Information Technology specialists to establish, implement and maintain information security across the supply chain.

