Olubunmi Adeolu Adenekan,Chinedu Ezeigweneme,Excel Great Chukwurah

DOI: https://doi.org/10.51594/ijmer.v6i5.1125

2024-05-12

International Journal of Management & Entrepreneurship Research

Abstract:This review paper explores the multifaceted realm of cybersecurity within IT supply chains, addressing the intricate challenges posed by digital vulnerabilities, high-profile cyber incidents, and emerging threats. It highlights the criticality of continuous risk assessment, the implementation of international security standards, and the necessity for enhanced management of third-party vendors. The paper also delves into advanced technological solutions like blockchain, AI, and machine learning for bolstering security, advocating for best practices including the zero-trust model, regular employee training, and secure software development. Emphasizing a proactive over a reactive approach, the paper underscores the evolving nature of cyber threats and the imperative for adaptive strategies. It calls for concerted efforts from businesses, policymakers, and IT professionals to prioritize and continuously refine cybersecurity measures in safeguarding IT supply chains against future threats. Keywords: IT Supply Chain, Cybersecurity, Risk Management, Blockchain, Zero-Trust Model, Artificial Intelligence.

Motunrayo Oluremi Ibiyemi,David Olanrewaju Olutimehin

DOI: https://doi.org/10.51594/ijmer.v6i6.1241

2024-06-24

International Journal of Management & Entrepreneurship Research

Abstract:This review paper explores the evolving landscape of cybersecurity threats within supply chains, highlighting strategic measures necessary to mitigate these risks. As supply chains integrate more deeply with digital technologies and global networks, they become more vulnerable to sophisticated cyber attacks that can severely disrupt operational integrity and security. This paper synthesizes existing literature to outline the major cybersecurity challenges faced by supply chains, examining case studies and best practices from various industries. Our findings underscore the prevalent threats such as ransomware, phishing, and insider attacks, which exploit the complex interdependencies and digital interfaces in supply chains. The review identifies effective strategic responses, including the integration of comprehensive cybersecurity frameworks, enhanced inter-organizational cooperation, and the implementation of real-time threat detection systems. Conclusively, the paper advocates for a holistic and proactive approach to cybersecurity, emphasizing continuous improvement and adaptive strategies to protect against the dynamic nature of cyber threats in supply chain contexts. Keywords: Cybersecurity, Supply Chain Management, Risk Assessment, Continuous Monitoring, Incident Response, Blockchain Technology, Artificial Intelligence (AI), Collaboration and Information Sharing, Cyber Threats, Emerging Technologies.

Betul Gokkaya,Leonardo Aniello,Basel Halak

DOI: https://doi.org/10.48550/arXiv.2305.14157

2023-05-23

Cryptography and Security

Abstract:The software product is a source of cyber-attacks that target organizations by using their software supply chain as a distribution vector. As the reliance of software projects on open-source or proprietary modules is increasing drastically, SSC is becoming more and more critical and, therefore, has attracted the interest of cyber attackers. While existing studies primarily focus on software supply chain attacks' prevention and detection methods, there is a need for a broad overview of attacks and comprehensive risk assessment for software supply chain security. This study conducts a systematic literature review to fill this gap. We analyze the most common software supply chain attacks by providing the latest trend of analyzed attacks, and we identify the security risks for open-source and third-party software supply chains. Furthermore, this study introduces unique security controls to mitigate analyzed cyber-attacks and risks by linking them with real-life security incidence and attacks.

Oluwabunmi Layode,Henry Nwapali Ndidi Naiho,Talabi Temitope Labake,Gbenga Sheriff Adeleke,Ezekiel Onyekachukwu Udeh,Ebunoluwa Johnson

DOI: https://doi.org/10.51594/ijmer.v6i6.1208

2024-06-13

International Journal of Management & Entrepreneurship Research

Abstract:This study investigates the integration of cybersecurity practices within sustainable supply chain management, addressing the dual challenges of securing supply chains against cyber threats while advancing sustainability objectives. The research employs a systematic literature review methodology, sourcing data from peer-reviewed articles published between 2018 and 2023, across databases such as IEEE Xplore, ScienceDirect, and Wiley Online Library. The selection process involved a rigorous screening of titles, abstracts, and full texts based on predefined inclusion and exclusion criteria, focusing on works that explicitly discuss the intersection of cybersecurity and sustainability within supply chains. Key findings reveal that cybersecurity and sustainability, while traditionally viewed in isolation, are increasingly recognized as complementary facets of supply chain management. The study highlights the critical role of emerging technologies, such as blockchain, artificial intelligence, and the Internet of Things, in enhancing supply chain resilience and sustainability. Furthermore, stakeholder engagement is identified as crucial in developing effective cybersecurity strategies that align with sustainability goals. The future landscape of cybersecure sustainable supply chains is characterized by both challenges and opportunities, necessitating continuous innovation and collaboration across industries and with governmental bodies. Strategic recommendations for industry leaders and policymakers emphasize the importance of fostering a culture that values cybersecurity and sustainability, investing in technology sharing, and developing comprehensive regulatory frameworks. In conclusion, this study underscores the necessity of integrating cybersecurity practices within sustainable supply chain management, offering insights into navigating the complexities of this integration to achieve resilient, transparent, and responsible supply networks. Keywords: Cybersecurity, Supply Chains, Supply Chain Management, Sustainability.

Abimbola Oluwatoyin Adegbite,Deborah Idowu Akinwolemiwa,Prisca Ugomma Uwaoma,Simon Kaggwa,Odunayo Josephine Akindote,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v4i3.658

2023-12-24

Computer Science & IT Research Journal

Abstract:This review analyses cybersecurity methods in the USA, focusing on protecting national infrastructure, with lessons and implications for global cybersecurity practices. In an era dominated by digital interconnectedness, the protection of national infrastructure from cyber threats is of paramount importance. This paper provides a comprehensive review of cybersecurity strategies employed by the United States to safeguard critical national infrastructure. As the nation's reliance on technology continues to grow, so does the complexity and sophistication of cyber threats. The paper examines key frameworks, policies, and initiatives implemented by the USA to fortify its critical infrastructure against cyber-attacks. It outlines the current threat landscape, the evolving nature of cyber threats and the potential consequences of successful attacks on critical sectors such as energy, transportation, and finance. It also analyzes the strategic approaches adopted by the USA, including the National Infrastructure Protection Plan (NIPP), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and collaborative efforts between the public and private sectors. The paper explores the role of government agencies, regulatory bodies, and private enterprises in implementing and enforcing cybersecurity measures. It assesses the effectiveness of information sharing initiatives, public-private partnerships, and international collaborations in enhancing the resilience of national infrastructure against cyber threats. Furthermore, the review addresses emerging technologies such as Artificial Intelligence (AI) and the Internet of Things (IoT) in the context of cybersecurity. It evaluates how these technologies are leveraged to detect, prevent, and respond to cyber threats in real-time, considering both their benefits and potential risks. Ethical considerations, privacy concerns, and challenges associated with the implementation of robust cybersecurity strategies are also discussed. The paper concludes with insights into the evolving nature of cyber threats and recommendations for continuous improvement in national cybersecurity strategies, emphasizing the need for agility, adaptability, and collaboration to stay ahead of an ever-changing threat landscape. This study contributes to the broader understanding of cybersecurity practices, offering insights that are not only relevant to the USA but also applicable to other nations facing similar challenges in safeguarding their critical infrastructure in an increasingly interconnected and digital world. Keywords: Cybersecurity, Strategies, Protecting, National Infrastructure, USA, NIST, Artificial Intelligence.

Muhammad Firdaus

DOI: https://doi.org/10.31219/osf.io/5bgdh

2020-12-08

Abstract:Supply chain security is a vital component of American national security. United State officials have continued to warn that 5G infrastructure equipment built by Huawei could be subverted by China to conduct espionage. There has been an intense investigation on Huawei, ranging from their software development processes to allegations of back doors. While it may be debated if Huawei is a pawn in a trade war or national security risks, it reinforces the importance of knowing one’s ecosystem. This article summarizes a panel discussion at the RSA2020 cybersecurity conference in San Francisco, titled "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei" was moderated by Craig Spiezle, founder of Agelight Advisory and Research Group, with panelists Katie Arrington, cyber information security officer of acquisitions for the U.S. Department of Defense; Donald Andy Purdy, chief security officer of Huawei Technologies USA; Bruce Schneier, security researcher and lecturer at the Harvard Kennedy School; and Kathryn Waldron, a fellow at R Street Institute. This session uses Huawei as a case study for best practices to assess risk and provide transparency to all stakeholders.

Ahmed Akinsola,Abdullah Akinde

DOI: https://doi.org/10.5121/ijsc.2024.15201

2024-07-09

Abstract:This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats. It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience and to promote transparency and trust in the digital infrastructure that underpins contemporary society. By examining the concept of software supply chain resilience and assessing the current state of supply chain security, the article provides a foundation for discussing strategies and practices that can mitigate security risks and ensure security continuity throughout the development lifecycle. Through this comprehensive analysis, the article contributes to the ongoing effort to strengthen the security posture of software supply chains, thereby ensuring the reliable and secure operation of digital systems in a connected world

Cryptography and Security

David Olanrewaju Olutimehin,Onyeka Chrisanctus Ofodile,Irunna Ejibe,Olusegun Gbenga Odunaiya,Oluwatobi Timothy Soyombo

DOI: https://doi.org/10.51594/ijmer.v6i3.941

2024-03-23

International Journal of Management & Entrepreneurship Research

Abstract:The review delves into the pivotal role of technology in revolutionizing supply chain risk management practices within the logistics sector. The paper explores the myriad of risks faced by modern supply chains, ranging from natural disasters and geopolitical tensions to cyber threats and disruptions in global trade patterns. It investigates how technological innovations such as blockchain, Internet of Things (IoT), artificial intelligence (AI), and predictive analytics are reshaping traditional risk management approaches by providing real-time visibility, data-driven insights, and proactive mitigation strategies. Through a comprehensive analysis, the study examines the transformative potential of these technologies in enhancing supply chain resilience, agility, and responsiveness to unforeseen disruptions. It highlights the benefits of leveraging blockchain technology for secure and transparent supply chain transactions, IoT sensors for real-time monitoring of goods in transit, AI algorithms for predictive risk modeling, and predictive analytics for identifying and mitigating potential disruptions before they escalate. Furthermore, the paper delves into the challenges and complexities associated with adopting and integrating these technologies into existing supply chain processes, including interoperability issues, data privacy concerns, and the need for specialized expertise. By providing practical insights, case studies, and best practices, the study aims to empower logistics professionals, policymakers, and industry stakeholders to harness the full potential of technology-driven solutions in managing supply chain risks effectively and ensuring business continuity in an increasingly uncertain and volatile global environment. Keywords: Technology, Supply Chain, Risk Management, Innovations, Challenges, Logistics.

Alberto Redondo,Alberto Torres-Barrán,David Ríos Insua,Jordi Domingo

DOI: https://doi.org/10.48550/arXiv.1911.11652

IF: 5.414

2019-11-26

Machine Learning

Abstract:Risk assessment is a major challenge for supply chain managers, as it potentially affects business factors such as service costs, supplier competition and customer expectations. The increasing interconnectivity between organisations has put into focus methods for supply chain cyber risk management. We introduce a general approach to support such activity taking into account various techniques of attacking an organisation and its suppliers, as well as the impacts of such attacks. Since data is lacking in many respects, we use structured expert judgment methods to facilitate its implementation. We couple a family of forecasting models to enrich risk monitoring. The approach may be used to set up risk alarms, negotiate service level agreements, rank suppliers and identify insurance needs, among other management possibilities.

DANIEL IKECHUKWU EKWUNIFE,OJO TITILAYO PRECIOUS,OLADAPO AZEEZ RASUL,OLUWAGBEMISOLA FAITH AKINLADE,TIMOTHY OGECHUKWU NWOKORO,VICTORY IHUOMA IKPE

DOI: https://doi.org/10.30574/ijsra.2024.12.2.1097

2024-07-30

International Journal of Science and Research Archive

Abstract:The study examined the critical role of technology in addressing supply chain challenges in the United States, with a focus on identifying gaps and exploring opportunities for improvement. Through a comprehensive analysis of existing literature and empirical studies, the research uncovered key supply chain challenges faced by firms in the U.S., including issues related to counterfeit goods, logistics inefficiencies, environmental concerns, inaccurate demand forecasting, and cyber-security threats. Also, the study examined the role of emerging technologies such as blockchain, artificial intelligence, Internet of Things, big data analytics, and machine learning in enhancing supply chain resilience and agility. This study highlighted the contributions of these technologies in promoting transparency, traceability, sustainability, and efficiency across various aspects of supply chain management. By synthesizing insights from diverse sources and datasets, the study provided valuable recommendations and strategies for leveraging technology to address supply chain challenges effectively. These recommendations covers areas such as investment in advanced technologies, collaborative data sharing platforms, integration of sustainability metrics, predictive analytics for risk management, and supply chain resilience planning.

Oluwatosin Ilori,Nelly Tochi Nwosu,Henry Nwapali Ndidi Naiho

DOI: https://doi.org/10.30574/wjarr.2024.22.3.1727

2024-06-30

World Journal of Advanced Research and Reviews

Abstract:In the increasingly interconnected digital landscape, third-party vendors play a critical role in providing essential services and capabilities to organizations. However, these external partnerships also introduce significant IT security risks, making it imperative for organizations to implement robust strategies for managing third-party vendor risks. This paper provides a comprehensive audit review of third-party vendor risks in IT security and outlines effective mitigation strategies. The audit review identifies key risk areas associated with third-party vendors, including data breaches, inadequate security controls, and compliance issues. Real-world case studies highlight the severe consequences of insufficient vendor risk management, such as substantial financial losses, reputational damage, and regulatory penalties. Through these examples, the review underscores the critical need for organizations to prioritize vendor risk management in their IT security frameworks. Recommended mitigation strategies are detailed, focusing on enhancing security controls, implementing regular security assessments, and establishing clear contractual agreements. Enhancing security controls involves rigorous vetting of vendors, enforcing strong authentication and encryption protocols, and ensuring vendors adhere to the organization's security policies. Regular security assessments, including audits and penetration testing, are crucial for identifying vulnerabilities and ensuring continuous compliance with security standards. Establishing clear contractual agreements with vendors helps define security expectations, responsibilities, and penalties for non-compliance, thereby creating a legal framework that supports robust risk management. The importance of continuous monitoring and oversight is emphasized, highlighting that effective third-party risk management is not a one-time activity but an ongoing process. Continuous monitoring involves real-time tracking of vendor performance and security posture, supported by automated tools and regular audits to promptly address emerging threats. This paper concludes by stressing the necessity for organizations to adopt a proactive approach to third-party vendor risk management, integrating it as a core component of their overall IT security strategy. By doing so, organizations can mitigate the risks associated with third-party vendors, protect sensitive data, and ensure compliance with regulatory requirements, ultimately safeguarding their operations and reputation in the digital age.

Beatriz M. Reichert,Rafael R. Obelheiro

DOI: https://doi.org/10.1080/1206212x.2024.2390978

2024-08-21

International Journal of Computers and Applications

Abstract:In recent years, software supply chain security has attracted significant research attention. This research subject is concerned both with the security of infrastructures used to build software and deliver it to end users and with the security of software that contains external dependencies such as third-party packages and libraries, and its chief goal is to ensure that no vulnerabilities are introduced in the path between developers and users. This paper presents a Systematic Literature Review to identify knowledge gaps in software supply chain security. For this, we considered studies published between 2012 and 2023 in the search engines of IEEE Xplore, ACM Digital Library, Engineering Village, Scopus, and arXiv. Of the 2051 studies obtained in the primary survey, only 85 are relevant for this research. Analyzing the studies, we observed gaps such as little discussion of software supply chains that involve cloud components, few proposals focused on the software distribution process, and a lack of use of threat modeling frameworks to help identify threats to the supply chain and validate the results.

Chinenye Okafor,Taylor R. Schorlemmer,Santiago Torres-Arias,James C. Davis

2024-06-14

Abstract:This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques

Cryptography and Security,Software Engineering

Moayad Al-Talib,Walid Al-Saad,Anan Alzoubi,Anthony I. Anosike

DOI: https://doi.org/10.1108/ijieom-09-2023-0073

2024-07-30

International Journal of Industrial Engineering and Operations Management

Abstract:Purpose The purpose of this study is to explore the opportunities provided by information technologies (IT) to improve supply chain processes. It aims to conduct a systematic literature review (SLR) to identify research areas that require further exploration to leverage IT and enhance supply chain performance. Design/methodology/approach This study employs a systematic literature review methodology to analyse a set of 177 publications, including journal papers, conference papers, periodicals, theses, and books published between 2013 and 2023. Thematic synthesis was chosen as the most appropriate approach to amalgamate the findings obtained from the systematic literature review conducted in the study. This method involves interpreting thematic information and facilitating the development of a comprehensive understanding of the literature being reviewed. Findings The literature review reveals that certain information technologies, such as the Internet of Things (IoT), Big Data, artificial intelligence (AI), Blockchain, information and communications technology (ICT) and information sharing, offer significant potential for improving supply chain processes. However, the application of these technologies in the field of supply chain is currently under-researched. The findings highlight the need for further exploration of these technologies and their impact on supply chain redesign and enhancement. Originality/value This study contributes to the existing body of knowledge by providing a systematic overview of the potential benefits of IT in the context of supply chains. It emphasises the under-researched nature of specific technologies and their potential to support organisations in improving their supply chain processes. The originality of this study lies in its comprehensive analysis of relevant literature and its identification of research gaps that need to be addressed in future studies.

Colin Topping,Ola Michalec,Awais Rashid

DOI: https://doi.org/10.48550/arXiv.2208.02244

2022-08-03

Cryptography and Security

Abstract:Supply chains are increasingly targeted by threat actors. Using a recent taxonomy, we contrast the diverse levels of detail given by national authorities. The threat is commonly acknowledged, but guidance is disjointed. NIST SP 800-161 aligns closely with the taxonomy and offers a potential pathway towards a common set of principles.

Joy Onma Enyejo,Adenike Folashade Adeyemi,Toyosi Motilola Olola,Emmanuel Igba,Omotoyosi Qazeem Obani

DOI: https://doi.org/10.30574/msarr.2024.11.2.0129

2024-07-30

Magna Scientia Advanced Research and Reviews

Abstract:In recent years, supply chain resilience has emerged as a critical focus for companies worldwide, particularly in the USA, as they face increasing disruptions from various sources such as natural disasters, geopolitical tensions, and pandemics. This review paper explores how technological advancements are equipping American businesses with the tools needed to enhance the robustness and flexibility of their supply chains. Key technologies such as Artificial Intelligence (AI), blockchain, the Internet of Things (IoT), and advanced analytics are examined for their roles in predicting disruptions, optimizing operations, and facilitating swift responses to unforeseen challenges. The paper also highlights case studies of prominent USA companies that have successfully implemented these technologies to mitigate risks and maintain operational continuity. By analyzing current trends and future prospects, this review emphasizes the importance of continuous innovation and adaptation in achieving supply chain resilience, providing valuable insights for industry stakeholders aiming to fortify their supply chains against future disruptions.

Ali Emrouznejad,Sina Abbasi,Çiğdem Sıcakyüz

DOI: https://doi.org/10.1016/j.sca.2023.100031

2023-09-01

Supply Chain Analytics

Abstract:This paper presents a systematic review of the literature on Supply Chain Risk (SCR) research, focusing on content-based analysis. The study comprehensively examines the general factors associated with key themes and trends in supply chain risk management, encompassing the identification and assessment of risks, risk mitigation strategies, and the influence of emerging technologies on Supply Chain Risk Management (SCRM). The review provides an overview of current and emerging topics in SCRM, while also introducing categorization frameworks to address research gaps and provide a roadmap for future studies, thereby generating valuable insights in this field. The review highlights the significance of effective SCRM in ensuring business continuity and resilience, emphasizing the need for organizations to adopt a proactive approach to risk management. The paper concludes by identifying areas for future research, including the development of novel risk management frameworks and the integration of emerging technologies into supply chain risk management practices. Additionally, a comprehensive evaluation of each classification is presented, highlighting overlooked aspects and unexplored domains, and offering recommendations for potential next steps in SCRM research.

Amer Jazairy,Mazen Brho,Ila Manuj,Thomas J. Goldsby

DOI: https://doi.org/10.1108/ijpdlm-12-2023-0445

2024-09-06

International Journal of Physical Distribution & Logistics Management

Abstract:Purpose Despite the proliferation of cyberthreats upon the supply chain (SC) at large, knowledge on SC cybersecurity is scarce and predominantly conceptual or descriptive. Addressing this gap, this research examines the effect of SC cyber risk management strategies on integration decisions for cybersecurity (with suppliers, customers, and internally) to enhance the SC's cyber resilience and robustness. Design/methodology/approach A research model grounded in the supply chain risk management (SCRM) literature, with roots in the Dynamic Capabilities View and the Relational View, was developed. Survey responses of 388 SC managers at US manufacturers were obtained to test the model. Findings An impact of SC cyber risk management strategies on internal cyber integration was detected, which in turn impacted external cyber integration with both suppliers and customers. Further, a positive effect of internal and customer cyber integration on both cyber resilience and robustness was found, while cyber integration with suppliers impacted neither. Practical implications Industry practitioners may adapt certain risk management and integration strategies to enhance the cybersecurity posture of their SCs. Originality/value This research bridges between the established domain of SCRM and the emergent field of SC cybersecurity by forming and testing novel relationships between SCRM-rooted constructs tailored to an SC cyber risks context.

management

Zohreh Khojasteh-Ghamari,Takashi Irohara

DOI: https://doi.org/10.1007/978-981-10-4106-8_1

2017-07-26

Abstract:The purpose of this chapter is to investigate recent research developments in supply chain risk management (SCRM) and to provide a comprehensive outline for researchers and practitioners who are trying to identify the existing state of research in the SCRM area. The importance of a literature review is to enhance the understanding of researchers by cataloging previous research in an area and clarifying the strengths and weaknesses of existing studies and what they might mean. Since the number of studies on SCRM has increased dramatically, several review papers of existing papers have been published. By finding significant number of review papers in the area, we convinced about the necessity of including summary of review papers. Therefore, we first summarize previous SCRM review papers. Second, we review recent papers that have not been mentioned in these review papers. Third, we develop a framework by which to categorize these papers. We conclude by presenting the observed pattern of SCRM research.