A framework for supplier-supply chain risk management: Tradespace factors to achieve risk reduction — Return on investment

Abstract

The growing trend in information and communications technology (ICT) globalization and outsourcing provides opportunities for adversaries to attack the supply chains of critical information systems and networks in order to gain unauthorized access to data, alter data, disrupt operations, or interrupt communications by inserting malicious code into or otherwise corrupting components; or to obtain knowledge of the uses and users of systems. A challenging issue is the ability to assure that articles of supply and the suppliers can be trusted to do only that which is expected or specified and to do so reliably and dependably. This paper describes a framework for discovering, defining, learning, and establishing capabilities to manage the risks of suppliers and supply chains of ICT.