Trust-based information risk management in a supply chain network

Cited by: 11
Authors
Zuo, Yanjun [1]
Hu, Wen-Chen [1]
Affiliation
[1] Department of Computer Science, University of North Dakota, Grand Forks ND
Source
International Journal of Information Systems and Supply Chain Management | 2009 / Vol. 2 / No. 03
Keywords
Data protection; Security management; Security risk; Supply chain management; Trust; Virtual community;
DOI
10.4018/jisscm.2009070102
Abstract
Information risk management is crucial for an organization operating in an increasingly integrated and intensively communicated environment to mitigate risks and ensure core business functions. Given the open and dynamic nature of a supply chain network, information risk management is challenging and various factors must be considered. This article introduces a trust-based approach to facilitate supply chain participants to perform effective risk management. The major components of the proposed framework include supply chain member trust evaluation, data classification, and trust-based decision making. The major purpose of the framework is to control and mitigate information risks that a participant faces in a supply chain network (e.g., risks to information confidentiality, privacy, and integrity). We apply the principle of transitive trust for trust evaluation and use several decision tools for risk analysis and mitigation. Copyright © 2009, IGI Global.
Pages: 19-34
Number of pages: 15