CSIA 350 Industry Profile Part I.docx - INDUSTRY PROFILE...

INDUSTRY PROFILE

Part I (Acquisition & Procurement Risk)

Abstract

This short paper outlines the cyber risk associated with supply chain management. It explores cyber security threats affecting suppliers and vendors that can result in costly product liability claims against an organization. It also briefly looks at IT governance frameworks that can be used to mitigate risk.

Introduction

Information technology has become a critical infrastructure that touches every facet of public life and business today. Not surprisingly, cybercrimes and cyber-attacks have increased as we become more and more dependent on information technology. An annual survey conducted by PricewaterhouseCoopers (PwC) found that cyber-attacks targeting industries rose by 38% in 2015, representing the largest single-year increase in the past 12 years (Schmitz, 2016). In an article in Fortune magazine, British insurance company Lloyd's of London estimated that cyber-attacks cost businesses up to $400 billion a year. The 2013 high-profile hack of retail store Target resulted in an estimated $148 million in direct cost, with an additional $200 million incurred by financial institutions and untold damage to Target's reputation (Hardekopf, 2014). It is not surprising that cyber security is no longer considered merely an IT issue but is now a top priority for many companies. A MarketsandMarkets.com industry assessment estimated the cyber security market at $122.45 billion in 2016 and expected it to continue to grow. It is clear that businesses recognize the impact of cyber-attacks and the benefits of investing in cyber security.

Yet despite companies spending billions of dollars on cyber security improvements, ensuring the security of the product supply chain remains an operational risk that is difficult to address. With the continued globalization of production, the increased complexity of products and the increased pressure to get products to market quickly, it is difficult for information technology companies to ensure that their manufacturing and supply chain processes do not allow the introduction of cyber security threats. In essence, how do companies ensure that threats such as backdoors and counterfeit software are not introduced into products during the manufacturing process?

This short paper identifies some of the operational risks and threats companies face, the potential impacts, the current legal environment with regard to product liability, and methods to address the issue, such as governance frameworks and standards.

Operational risks

Today's information technology has linked the world, allowing instantaneous sharing of information and driving globalization. Information technology has also globalized the manufacturing and development process, creating a complex and diverse supply chain. It is this complexity that has also led to the introduction of a high level of operational cyber security risk in the manufacturing process and supply chain (Schmitz, 2016). Components for smart phones to national defense systems require parts
