A Stochastic Model for Improving Information Security in Supply Chain Systems

Abstract

This article presents a probabilistic security model for supply chain management systems (SCM) in which the basic goals of security (including confidentiality, integrity, availability and accountability, CIAA) are modeled and analyzed. Consequently, the weak points in system security are identified. A stochastic model using measurable values to describe the information system security of a SCM is introduced. Information security is a crucial and integral part of the network of supply chains. Each chain or driver requires a different security level according to the services it contributes to the overall SCM system. Different probabilistic weights are assigned to the four goals CIAA of security depending on the SCM driver’s mission. A Semi-Markov chain model is used to describe the probabilistic nature of different security levels for each driver in the system. A comparison of the steady-state security for a multi-driver model with different levels of attack is performed, and the results analyzed. Enhanced supply chain security could be achieved by identifying the effects of attacks on the security goals of an organization. The use of this model helps to identify weak points in supply chain system security, and offers hints on how to strengthen them. The model is tested by considering intrusion scenarios representing different levels of attack on the SCM system. An analysis of the results is performed using an interactive application.