A Maturity Model for supply chain risk management

Purpose

Supply chains are among the most important, complex and risky systems in the modern world. Thus, managing risk is no longer an option, but a fundamental process in organizations. Given the lack of pathways that guide companies toward supply chain risk management (SCRM), the purpose of this study is to provide a conceptual reference, in the form of a maturity model, to support them in the evolution and improvement of this process.

Design/methodology/approach

The proposal covered a broad literature review, a survey and a multiple case study. The research was conducted in the aerospace industry and included companies from the supply chain of a leading aircraft manufacturer.

Findings

The model elaborated with the research results has eight attributes and four levels, addressing critical issues for SCRM to achieve its scope and purposes. The attributes include the structuring and scope of the SCRM process, the importance it receives within the organization, the resources used and the qualification of employees, the role of leadership and the inter-organizational collaboration.

Practical implications

Managing risk along supply chains is particularly challenging, demands resources and knowledge and requires a continuous effort. The proposed model offers a reference for improvement, helping to identify areas that need to be strengthened and practices to be implemented. Thus, it can guide the focus and efforts in a more efficient and systematic way, in addition to supporting evaluations and comparisons.

Originality/value

Although maturity models are abundant in different fields and several are available for risk management, models specifically developed for SCRM are scarce. This study broadens the understanding of SCRM with novel insights about how to improve this process in an evolutionary way. While many researchers focused their efforts on the SCRM process steps, this study identified critical issues that transcend these steps. The research was carried out in a sector with a long tradition in risk management and included companies belonging to the same supply chain, that is, using an approach still little explored in studies on SCRM or risk management maturity models.

AI-based evaluation system for supply chain vulnerabilities and resilience amidst external shocks: An empirical approach

The study focuses on the intricacies and vulnerabilities inherent in supply chains, which are often influenced by external disruptions such as pandemics, conflict scenarios, and inflation. The aim is to devise an AI-driven system that can accurately appraise these intricacies within the domain and mitigate their vulnerabilities effectively. The work employs an empirical approach utilizing datasets from various studies for developing Machine Learning (ML) and Deep Learning (DL) models. 

Developing Supply Chain Capabilities Through Digitalization and Viability for Controlling the Ripple Effect

The COVID-19 pandemic affected all industries and presented manufacturing firms with enormous challenges, with considerable changes in consumer demand for goods and services. Supply chain management disruption caused by the COVID-19 outbreak resulted in several socio-economic roadblocks. The slow propagation of disruption risk results in a ripple effect along the entire chain. The lack of resilience and risk management capability is the prime cause, attributed to the unavailability of digital resources, skills, and knowledge. 

Manipulating Supply Chain Demand Forecasting With Targeted Poisoning Attacks

Demand forecasting (DF) plays an essential role in supply chain management, as it provides an estimate of the goods that customers are expected to purchase in the foreseeable future. While machine learning techniques are widely used for building DF models, they also become more susceptible to data poisoning attacks. In this article, we study the vulnerability of targeted poisoning attacks for linear regression DF models, where the attacker controls the behavior of forecasting models on a specific target sample without compromising the overall forecasting performance.

Manufacturer’s Contexts, Supply Chain Risk Management, and Agility Performance

The dynamism of the current business environment emanates significant challenges and disruption risks for supply chains. These vulnerabilities in contemporary supply chains have motivated a substantial academic focus on supply chain risk management (SCRM). In the empirical literature on SCRM, a firm’s external environment is conceptualized as a source of risk, and various organizational and technological factors are discussed as influencers of SCRM.

Cybersecurity Reference and Resource Guide

2019 Cybersecurity Resource and Reference Guide_DoD-CIO_Final_2020FEB07

The purpose of this document is to provide a useful reference of both U.S. and International resources, in order to develop cybersecurity programs and to build and maintain strong network protection. Extensive reference materials exist that support efforts to build and operate trusted networks and ensure information systems maintain an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability. The resources compiled here support security cooperation and shared best practices to help achieve collective cybersecurity goals. This guide provides readily available and unclassified information pertaining to cybersecurity norms, best practices, security cooperation, policies and standards authored and adopted by the United States (U.S.) government, the U.S. Department of Defense (DoD), and recognized international institutes and workforce development training resources provided by government, industry, and academia.

Aspects related to Cyber Supply Chain Risk Management in the document:

Cyber Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an information and operational technology product or service at any stage.

Website: https://csrc.nist.gov/Projects/Supply-Chain-Risk-Management

NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, April 2015

Federal agencies are concerned about the risks associated with information and communications technology (ICT) products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the ICT supply chain. These risks are associated with the federal agencies' decreased visibility into, understanding of, and control over how the technology that they acquire is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services. This publication provides guidance to federal agencies on identifying, assessing, and mitigating ICT supply chain risks at all levels of their organizations. This publication integrates SCRM into federal agency risk management activities by applying a multi-tiered, SCRM-specific approach, including guidance on supply chain risk assessment and mitigation activities.

Website: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161.pd