Security And Risk Management in Supply Chains

The reduction of risk constitutes a pillar of success in business. A crucial concern in any business activity includes the variable of risk due to security threats in information systems. Risks increase as the business increases in success and profit. Risk Management becomes a crucial part of every successful business model to deal with uncertain and risky socio-economic changes. Security concerns are a major player in minimizing risk in businesses by protecting its intangible resources and knowledge. The emergence of supply chains which coordinate organizations, people, activities, information and resources, dramatically increases risk crises. Efforts have resulted in process reference models, such as the Supply Chain Operations Reference (SCOR) which measures total supply chain performance. Although the SCOR model is designed to support supply chains of various complexities across multiple industries, it does not provide a basis for Risk Management in terms of the security of exchanged information and access control. Quantifying security risks in supply chains becomes a central challenge to be considered in risk management. This paper attempts to propose a framework to bridge the gap between security concerns and risk management in a supply chain, typically, the SCOR model. The framework extends risk management with security awareness by proposing roles for each process in SCOR. Its underlying approach focuses on the types of threats in SCOR implementation projects and applies empirical benchmarks to measure risks in processes with respect to the security-oriented framework.