Title: Supply Chain Risk Management : Applying Secure Acquisition Principles to Ensure a Trusted Technology Product Author: Anne Kohnke, Dan Shoemaker, Ken Sigler ISBN: 1138197335 / 9781138197336 Format: Soft Cover Pages: 284 Publisher: CRC Press Year: 2017 Availability: 2 to 3 weeks
Description
Contents
The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.
Presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161.
Covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products
Explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization
Details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process
Defines a complete and correct set of processes, activities, and tasks as well as monitoring and reporting systems.
Preface
Chapter 1 : What Product Risk Is and Why It Needs to be Managed Chapter 2 : The Three Constituencies of Product Trust Chapter 3 : Building a Standard Acquisition Infrastructure Chapter 4 : Risk Management in the ICT Product Chain Chapter 5 : Control Formulation and Implementation Chapter 6 : Control Sustainment and Operational Assurance Chapter 7 : A Capability Maturity Model for Secure Product Acquisition