Abstract
In recent times, cyber-attacks have been a significant problem in any organization. It can damage the brand name if confidential data is compromised. A robust cybersecurity framework should be an essential aspect of any organization. This chapter talks about the security framework for cyber threats in supply chain management and discusses in detail the implementation of a secure environment through various controls. Today, a systematic method is used for handling sensitive information in an organization. It includes processes, people, and IT systems by implementing a risk management method. Distinct controls dedicated to different levels of domains, namely human resources, access control, asset management, cryptography, physical security, operations security, supplier relations, acquisition, incident management, and security governance are provided. Companies, contractors, and any others who are part of the supply chain organization must follow this security framework to defend from any cyber-attacks.
TopSetting The Stage
Cybercriminals infiltrate into an organization to steal sensitive information. Cyber breach is the worst nightmare in the Information Technology world. A few impacts are damage to the brand name, litigation, financial losses, and data theft (Ponemon, 2018). As of 2016 cyber-attack have caused loss of around $ 450 billion to the international economy and it’s on the rise every year. The primary motivation in attack scenario as shown in Figure 1. Cybercrime-related attacks top the charts when it comes to the different motivation behind the attacks (Appendix 1).
Figure 1. Source: (Passeri, 2018) TopSolution Approach
In recent days, the cyber-attacks towards supply chain management (SCM) have been very successful. Attackers target a weak or less secure member in a supply chain to gain access to the organization. Some of the weaker networks are mentioned below in Figure 2. one of the main reasons for the successful attack is no awareness about security in the organization and its vendors and everyone in the supply chain. Attackers use this to phish emails of the employees and send malware to infect the machines and infiltrate into the network to steal sensitive information. Attackers can request ransoms by encrypting essential data for an exchange of decryption key.
To fix these cyber risks, a security framework is required. A pure knowledge of security concerns, business processes distinct from the use of technology is needed. Every organization has its unique methods and tools to achieve the results reported by its framework. However, in this paper, This Paper propose one single security framework that must be followed by the organization and the companies in its supply chain. As described in Figure 3, The framework will follow five continuous and concurrent function or can be called a cybersecurity life cycle (Identity, Protect, Detect, Respond, Recover) (NIST, 2019). This process is used to identify, assess and manage cybersecurity risk in the environment proactively.
Figure 3. Cyber security life cycle
Identify
Organizations must develop knowledge of their environment to manage cybersecurity risk to systems, data, assets, and capabilities. To adhere to this function, it is necessary to have complete clarity towards physical and digital assets and their defined roles, responsibilities and its interconnections. Understanding the risk factors are necessary to create policy and procedures to control the risks.
Protect
This function must be used to develop and implement relevant protection and defense during or to prevent a cybersecurity event. To adhere to this, the organization should control physical and digital asset access and provide adequate awareness session to the employees. The process is to maintain baseline settings of network operations, secure sensitive information and suitably repair the incident and deploy necessary security technologies to protect the organization.
Key Terms in this Chapter
Full Disk Encryption: It is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.
Penetration Testing: It is an authorized simulated cyber-attack on a computer system, performed to evaluate the security of the system.
System Centre Configuration Manager (SCCM): It is a systems management software product developed by Microsoft for managing large groups of computers running Windows NT, Windows Embedded, macOS (OS X), Linux, or UNIX.
PCI DSS: The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
Security Tokens: A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something.
Standard Operating Procedure (SOP): It is a set of step-by-step instructions compiled by an organization to help workers carry out complex routine operations. SOPs aim to achieve efficiency, quality output and uniformity of performance while reducing miscommunication and failure to comply with industry regulations.
Security Incident Event Management (SIEM): It is software that provides real-time analysis of security alerts generated by applications and network hardware.
Non-Disclosure Agreement: It is a legal contract between two parties that outlines confidential material, information, knowledge that parties wish to share with one another for certain purpose but wish to restrict access to third parties.
Master Service-Level Agreement: A master service agreement, or MSA, is a contract reached between parties, in which the parties agree to most of the terms that will govern future transactions or future agreements.
Security Incident: A security incident is an event that may indicate that an organization's systems or data have been compromised or that measures put in place to protect them have failed. In IT, an event is anything that has significance for system hardware or software and an incident is an event that disrupts normal operations.
Access Control List (ACL) in Switches: It can control the traffic entering a network. Usually, ACLs reside in a firewall router or a router connecting two internal networks. When you configure ACLs, you can selectively admit or reject inbound traffic, thereby controlling access to your network or specific resources on your network.
Vulnerability Assessment: It is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system.
Acceptable Usage Policy: An acceptable use policy, acceptable usage policy or fair use policy, is a set of rules applied by the owner, creator or administrator of a network, website, or service, that restrict the ways in which the network, website or system may be used and sets guidelines as to how it should be used.
Virtual Private Network: A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public systems as if their computing devices directly connected to the private network.
HIPAA: HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The law has emerged into greater prominence in recent years with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers.