Strengthening the UK regulatory framework: Enhancing cybersecurity in supply chains
Authors: Betul Gokkaya, Konstantina Spanaki, Erisa Karafili
Journal: International Journal of Information Management Data Insights, 5(2), Article 100370
Published: 2025-09-02
DOI: 10.1016/j.jjimei.2025.100370
URL: https://www.sciencedirect.com/science/article/pii/S2667096825000527
The increasing risks associated with cybersecurity in global supply chains present a significant problem, threatening the operational integrity and security of organisations on a global scale. The UK’s Network and Information Systems (NIS) Framework, although fundamental in cybersecurity regulation, has significant gaps in effectively addressing the complexities of contemporary global supply chain architectures entangled with quickly advancing cyber threats. In this work, we analyse the UK NIS framework, identify key gaps, and propose solutions drawn from other existing frameworks, e.g., US NIST, EU NIS2. We base this analysis on a comparative evaluation using defined criteria related to supply chain coverage, adaptability, and risk management specificity. We enhanced the cybersecurity in supply chains by proposing novel security requirements plans for each risk profile. Furthermore, we examined various solutions for risk assessments and self-risk assessments for supply chain security. We analysed practical risk assessment approaches, including self-assessment strategies, particularly suited for SMEs. Moreover, we investigated the contracting between supply chains in the context of data and information sharing.