NIST’s Information Technology Lab awarded the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland in College Park a grant in support of the development of cyber supply chain best practice guidelines by NIST. In October, 2010, the Supply Chain Management Center began work on a project to develop, validate, and pilot test a research tool to assess the cyber-supply chain capabilities of the IT vendor community.
This grant was aimed at addressing the fact that, at present, no readily identifiable assessment tool for industry exists that, if used extensively, could form the basis for a body of cyber-supply chain knowledge. Such a body of knowledge should contain data about current/planned corporate risk governance mechanisms, risk management audit/compliance activities, and benchmark practices against which to audit the capability and maturity of an organization.
This lack of a data-driven body of knowledge has been a major deficiency in the emerging discipline of Cyber-Supply Chain Risk Management (SCRM) and has constrained sound decision-making across government and the private sector. It was hoped that data gathered from this project could contribute to the formulation of a strawman SCRM Code of Practice that could advance the discipline and serve as a basis for ongoing dialogue between the public and private sectors.
NIST’s Information Technology Lab awarded the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland in College Park a grant in support of the development of cyber supply chain best practice guidelines by NIST. In October, 2010, the Supply Chain...
See full abstract
NIST’s Information Technology Lab awarded the Supply Chain Management Center of the Robert H. Smith School of Business at the University of Maryland in College Park a grant in support of the development of cyber supply chain best practice guidelines by NIST. In October, 2010, the Supply Chain Management Center began work on a project to develop, validate, and pilot test a research tool to assess the cyber-supply chain capabilities of the IT vendor community.
This grant was aimed at addressing the fact that, at present, no readily identifiable assessment tool for industry exists that, if used extensively, could form the basis for a body of cyber-supply chain knowledge. Such a body of knowledge should contain data about current/planned corporate risk governance mechanisms, risk management audit/compliance activities, and benchmark practices against which to audit the capability and maturity of an organization.
This lack of a data-driven body of knowledge has been a major deficiency in the emerging discipline of Cyber-Supply Chain Risk Management (SCRM) and has constrained sound decision-making across government and the private sector. It was hoped that data gathered from this project could contribute to the formulation of a strawman SCRM Code of Practice that could advance the discipline and serve as a basis for ongoing dialogue between the public and private sectors.
Hide full abstract
