Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Know your suppliers: A review of ICT supply chain risk management efforts by the US government and its agencies
Cyber Security: A Peer-Reviewed Journal,
4
(3),
232-242
(2021)
Abstract
Every government and enterprise relies on a network of suppliers spanning the globe. This ecosystem of suppliers has been made more complex by the reliance of organisational processes and services on information and communication technologies (ICT). With the awareness that supply chain is serving as a medium in the cyberattack kill chain, it has become necessary to intensify efforts to mitigate the risks inherent in the supply chain of these technology products and services by striving to know who our suppliers really are. The aim of this paper is to review some of the efforts by the US Government and its agencies in reducing the occurrence and impact of supply chain risk on ICT products and services and how organisations within the private sector can leverage on these efforts to incorporate ICT supply chain into their enterprise risk management strategy with emphasis on knowing who their suppliers are.
Keywords: supply chain risk management; cyber security; NIST; cybercrime; CISA; know your suppliers; threat; cyber security strategy
The full article is available to subscribers to the journal.
Author's Biography
Olatunji Osunji is the technical lead for security analytics and automation at World Bank Group. He has 20 years’ IT experience, with the last ten years in information security. In the last five years, he has been instrumental in the redesign of the security incident and event monitoring infrastructure that supports the 24/7 security operations centre (SOC) of the bank. He is experienced in mentoring and training of SOC security analysts. He is also a doctoral student of cyber security at Marymount University, Arlington, USA. In addition to his technical expertise, Olatunji also has an interest in cyber security at the national level, with a focus on cyber capacity building and how developed nations are keeping pace with cyber risk emanating from emerging technologies.
