Abstract
Supply chain practices often put companies and their supply chains at risk. One of the most serious risks is disruptions. While many types of disruptions have been considered, little attention has been given to disruptions caused by information technology (IT) security incidents. Partner cooperation can assist in preventing or mitigating damage from IT security breaches in supply chains, where breaches can disrupt production, cause loss of essential data, and compromise confidential information. We develop a generalizable mathematical model that quantifies IT security risk in the supply chain. We then show how to find solutions for optimal risk reduction under several definitions of optimality: minimizing upstream risk, minimizing downstream risk, and minimizing global (supply chain) risk. We show how to develop curves for each of the above scenarios that indicate when extra funds should be spent on security, which security controls should be implemented, and when subsidies among partners are beneficial.
Cite this article
Deane, J.K., Ragsdale, C.T., Rakes, T.R. et al. Managing supply chain risk and disruption from IT security incidents. Oper Manag Res 2, 4–12 (2009). https://doi.org/10.1007/s12063-009-0018-2
DOI: https://doi.org/10.1007/s12063-009-0018-2