Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Technology Product

  • 5h 57m
  • Anne Kohnke, Dan Shoemaker, Ken Sigler
  • Taylor and Francis
  • 2018

The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.

In this Book

  • Foreword
  • Chapter Structure and Summary
  • Why Secure Information and Communication Technology Product Acquisition Matters
  • Building a Standard Acquisition Infrastructure
  • The Three Building Blocks for Creating Communities of Trust
  • Risk Management in the Information and Communication Technology (ICT) Product Chain
  • Establishing a Substantive Control Process
  • Control Sustainment and Operational Assurance
  • Building a Capable Supply Chain Operation

YOU MIGHT ALSO LIKE

Course Mitigating Security Risks: Managing Network & Infrastructure Security Risks
Book Information Risk Management: A practitioner's guide, 2nd Edition
Course Microsoft Security: Compliance Concepts & Methodologies