Search results

1 – 10 of over 71000
Article
Publication date: 4 March 2024

Betul Gokkaya, Erisa Karafili, Leonardo Aniello and Basel Halak

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and…

Abstract

Purpose

The purpose of this study is to increase awareness of current supply chain (SC) security-related issues by providing an extensive analysis of existing SC security solutions and their limitations. The security of SCs has received increasing attention from researchers, due to the emerging risks associated with their distributed nature. The increase in risk in SCs comes from threats that are inherently similar regardless of the type of SC, thus, requiring similar defence mechanisms. Being able to identify the types of threats will help developers to build effective defences.

Design/methodology/approach

In this work, we provide an analysis of the threats, possible attacks and traceability solutions for SCs, and highlight outstanding problems. Through a comprehensive literature review (2015–2021), we analysed various SC security solutions, focussing on tracking solutions. In particular, we focus on three types of SCs: digital, food and pharmaceutical that are considered prime targets for cyberattacks. We introduce a systematic categorization of threats and discuss emerging solutions for prevention and mitigation.

Findings

Our study shows that the current traceability solutions for SC systems do not offer a broadened security analysis and fail to provide extensive protection against cyberattacks. Furthermore, global SCs face common challenges, as there are still unresolved issues, especially those related to the increasing SC complexity and interconnectivity, where cyberattacks are spread across suppliers.

Originality/value

This is the first time that a systematic categorization of general threats for SC is made based on an existing threat model for hardware SC.

Details

Benchmarking: An International Journal, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1463-5771

Article
Publication date: 1 May 1992

Dieter Gollmann and Peer Wichmann

Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security

Abstract

Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.

Details

Managerial Auditing Journal, vol. 7 no. 5
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 1 March 2001

JAMES C. YONG

This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share…

Abstract

This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share responsibilities, thus leading to the trading of single stock futures.

Details

Journal of Investment Compliance, vol. 2 no. 2
Type: Research Article
ISSN: 1528-5812

Article
Publication date: 2 November 2023

Amrou Awaysheh, Robert D. Klassen, Asad Shafiq and P. Fraser Johnson

Globalization and increased outsourcing have contributed to increased supply chain complexity, exposing firms to greater vulnerability in the areas of product safety and supply…

Abstract

Purpose

Globalization and increased outsourcing have contributed to increased supply chain complexity, exposing firms to greater vulnerability in the areas of product safety and supply chain security. Meanwhile, stakeholders pressure firms to ensure that their products are safe, and their supply chains are secure. Drawing from stakeholder theory, this paper aims to explore how the supply chain characteristics of distance and power affect the adoption of consumer protection (CP) practices, which ensure product safety and supply chain security.

Design/methodology/approach

Using primary survey data from a sample of Canadian manufacturing firms, this research examines the relationships among supply chain characteristics, adoption of CP practices and firm performance.

Findings

Analysis supported the use of two practices related to product safety (consumer education and product design) and three practices for supply chain security (packaging, tracking and authenticity). Greater cultural distance between the focal firm and its suppliers was positively associated with investments in safer design practices, while increased geographical distance between the focal firm and the customer was significantly related to increased consumer education. Moreover, as power of a focal firm relative to its suppliers increased, so too did investments in supply chain security. Finally, CP practices were related to improved operational performance along multiple dimensions.

Originality/value

This research focuses on the critical role of two key stakeholder groups in improving product safety and supply chain security: suppliers and customers. The authors add to the theoretical discussion of product safety and supply chain security by identifying critical differences between suppliers and customers for the focal firm. Second, the research informs the managerial community of the potential benefits of investments in CP practices.

Details

Supply Chain Management: An International Journal, vol. 29 no. 2
Type: Research Article
ISSN: 1359-8546

Article
Publication date: 1 January 2003

David Brant and Royce Griffin

If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity…

Abstract

If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity invested in “ABC” mutual fund be handled exclusively by the state insurance commissioner? Are state laws enacted 35 years ago still relevant today when most agents who sell variable annuities are also licensed to sell mutual funds?

Details

Journal of Investment Compliance, vol. 3 no. 4
Type: Research Article
ISSN: 1528-5812

Article
Publication date: 27 April 2022

Noran Shafik Fouad

The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of…

Abstract

Purpose

The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of students’ and staff’s data. This paper aims to investigate education technology (EdTech) vendors’ responsibility for this cyber (in)security challenge, with a particular focus on EdTech in India as a case study.

Design/methodology/approach

Theoretically, building on the security economics literature, the paper establishes a link between the dynamics of the EdTech market and the education sector’s cyber insecurities and investigates the various economic barriers that stand in the way of improving EdTech vendors’ security practices. Empirically, the paper analyses publicly reported cyber incidents targeting the Indian education sector and EdTech companies in the past 10 years as published in newspapers, using the LexisNexis database. It also examines existing EdTech procurement challenges in India and elsewhere and develops a number of policy recommendations to address the misaligned incentives and information asymmetries between EdTech vendors and educational institutions.

Findings

Market forces alone cannot create sufficient incentives for EdTech vendors to prioritise security in product design. Considering the infant stage of the EdTech industry, the lack of evidence about the efficacy of EdTech tools, the fragmentation in the EdTech market and the peculiarities of educational institutions as end-users, a regulatory and policy intervention is needed to secure education through procurement processes.

Originality/value

This paper introduces a novel exploration to the cybersecurity challenge in the education sector, an area of research and policy analysis that remains largely understudied. By adding a cybersecurity angle, the paper also contributes to the literature using a political economy approach in scrutinising EdTech.

Details

Digital Policy, Regulation and Governance, vol. 24 no. 3
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 20 March 2009

Kirsi Helkala and Einar Snekkenes

The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific…

Abstract

Purpose

The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.

Design/methodology/approach

The paper used quantitative cost and performance analysis.

Findings

The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.

Originality/value

This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.

Details

Information Management & Computer Security, vol. 17 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 20 December 2007

Carlos Eduardo de Barros Paes and Celso Massaki Hirata

Nowadays, most software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a…

Abstract

Purpose

Nowadays, most software development processes still do not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.

Design/methodology/approach

In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.

Findings

Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.

Research limitations/implications

The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.

Practical implications

The extension facilitates the management of execution and control of the activities and tasks related to security, and the development teams can benefit by constructing better quality software.

Originality/value

The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.

Details

International Journal of Web Information Systems, vol. 3 no. 4
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 1 November 2013

Doug Voss

The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not…

Abstract

Purpose

The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not. Specifically, this research determines the relationship between purchasing agents’ supplier security preferences and their preferences for product quality, delivery reliability, price, and supplier location. The influence of international sourcing on demand for increased supplier security is also explored.

Design/methodology/approach

Choice-based conjoint analysis with hierarchical Bayes (HB) estimation and t-tests are used to assess and compare the utility food purchasing managers derive from different supplier attributes.

Findings

Purchasing managers that place a higher priority on security when choosing suppliers were willing to pay suppliers a higher price and receive lower levels of delivery reliability in return for higher security but placed less emphasis on suppliers’ product quality. Firms that source internationally do not have a significantly greater preference for advanced supplier security. However, purchasing managers that value supplier security were more likely to source internationally, potentially indicating that security allows for global sourcing by mitigating the increased vulnerability inherent to sourcing abroad.

Research limitations/implications

This research was limited by its focus on the food industry and a relatively small sample size.

Practical implications

This work illustrated that food purchasing managers can be segmented by the emphasis they place on security. Food industry managers will find results useful in formulating their future service offerings with respect to security and other supplier choice criteria.

Originality/value

This is one of few works investigating security as a supplier choice criterion and utilizing HB estimation of choice-based conjoint data.

Details

The International Journal of Logistics Management, vol. 24 no. 3
Type: Research Article
ISSN: 0957-4093

Article
Publication date: 1 March 1993

Fredric B. Gluck

Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and…

Abstract

Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephone‐based networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.

Details

Information Management & Computer Security, vol. 1 no. 3
Type: Research Article
ISSN: 0968-5227
