What is it about?

This is an overview of a standard management process for reducing supply chain risk for information and communication technology (ICT) products. The well-defined steps apply universally, whatever the technology chain, and the practices constitute recommended methods.

Why is it important?

There is currently no greater exposure for any organization than the potential threats arising from its information and communication technology sourcing. Because ICT products are essentially invisible and therefore cannot be directly assured, companies are at the mercy of their suppliers regarding COTS and other sourced products and services. Given the complexity of global supply chains, any process to mitigate risk is better than no process at all.

Perspectives

In my humble opinion, if there is ever a digital Pearl Harbor, it will be due to the fact that we as consumers blithely trust the technology products we build our lives around. This is particularly troubling given the global nature of supply chains. Because most supply chains are essentially uncontrolled, it would be easy for an adversary to slip something earthshakingly nasty into our daily lives without any form of mitigation. That exposure needs to be considered at all levels of our society.

Dan Shoemaker

Read the Original

This page is a summary of: A Standard Best Practice Approach to Acquisition of Secure ICT Products, EDPACS, June 2014, Taylor & Francis, DOI: 10.1080/07366981.2014.915647.