What is it about?

In a contemporary supply chain, the organizations involved need a mechanism to trust each other concerning information security. Certification is a usual path to improving the trust level. However, given the dynamics of actual organizations, a certification process needs to be updated more often, continuously if possible.

Why is it important?

Industries are moving fast to all-digital infrastructures for functional and cost reasons. The digital devices used, by their very nature, produce several state and performance indicators, which can be used to provide a perception of security. Framing those metrics with certification models allows more control over security. Furthermore, if we combine those metrics and expose the result to partners, we promote the trust relationship.

Perspectives

This is a preliminary proposal for a 'real-time' certification model aiming to meet the needs of actual supply chains. In such a model, there are several possible metrics and ways to combine them. Making it useful is a big challenge, not only because of the heterogeneity of the technology in place but also because of the diverse maturity levels of organizations concerning security issues. Even so, we believe it is a fundamental aspect of the success of current and future supply chains.

Professor Henrique Manuel Dinis Santos
Universidade do Minho

Read the Original

This page is a summary of: Information Security Assessment and Certification within Supply Chains, August 2021, ACM (Association for Computing Machinery),
DOI: 10.1145/3465481.3470078.