Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems
References
Askville, 〈http://askville.amazon.com/word-cyber-older-modern-meaning/AnswerViewer.do?requestId=4086267〉 (accessed August 12, 2013).
Booz Allen Hamilton, 2009. Milestones of Cyber Security. (November) 〈http://www.boozallen.com/media/file/milestones-of-cyber-security.pdf〉.
Borg, S., 2010. Securing the Supply Chain for Electronic Equipment: A Strategy and Framework. Internet Security Alliance. 〈http://www.whitehouse.gov/files/documents/cyber/ISA-Securing the Supply Chain for Electronic Equipment.pdf〉. (last accessed November 9, 2013).
Boyson, 1999
Boyson, S., Corsi, T., Rossman, H., 2009. Building a Cyber Supply Chain Assurance Reference Model. (June) www.saic.com/news/resources/Cyber_Supply_Chain.pdf (last accessed November 9, 2013).
Boyson, 2011
Cole, 2005
CSCMP (Council of Supply Chain Management Professionals). 〈http://cscmp.org/about-us/supply-chain-management-definitions〉.
Domenici, H., Bari, A., 2012. The Price of Cybersecurity: Big Investments, Small Improvements. Bloomberg Government. (January 31) www.bgov.com.
Deloitte Touche Tohmatsu, 2005. The Challenge of Complexity in Global Manufacturing: Trends in Supply Chain Management.
DHS, 2012. U.S. Department of Homeland Security, National Protection and Programs Directorate. Cybersecurity Insurance Workshop Readout Report. (November) p.8.
Ellison, R., Goodenough, J., Weinstock, C., Woody, C., 2010. Evaluating and Mitigating Software Supply Chain Security Risks. (May) 〈http://www.sei.cmu.edu/library/abstracts/reports/10tn016.cfm〉 (last accessed November 9, 2013).
Germain, 2008, Supply chain variability, organizational structure & performance: the moderating effect of demand unpredictability, J. Oper. Manage., 26, 557, 10.1016/j.jom.2007.10.002
Goertzel, K., 2010. Supply chain risk management and the software supply chain. In: Presentation at OWASP AppSec DC Conference. (November) 〈https://www.owasp.org/images/7/77/BoozAllen-AppSecDC2010-sw_scrm.pdf〉 (last accessed November 10, 2013).
Harrington, 2010
Heywood, G., 2006. PricewaterhouseCoopers, Personal Interview (September).
Howard, L., 2013. Feds: Counterfeit Submarine Parts Shipped to Groton. The Day, New London, CT, July 16. 〈http://theday.com/article/20130716/NWS09/130719772/1017〉.
InfoSecurity Europe, 2010. Dell PowerEdge Servers Shipping with Onboard Malware? (July 22) 〈http://www.infosecurity-magazine.com/view/11143/dell-poweredge-servers-shipping-with-onboard-malware-/〉 (last accessed November 8, 2013).
Institute of Medicine, 2009. Initial National Priorities for Comparative Effectiveness Research, Report Brief (June) p.1, 〈http://www.hrsonline.org/Policy/LegislationTakeAction/upload/CER-report-brief-6-22-09.pdf〉 (accessed February 27, 2012).
Kunert, P., 2011. Leader of CISCO Counterfeit Ring Jailed for 60 Months. The A Channel. (September 12) 〈http://www.channelregister.co.uk/2011/09/12/cisco_counterfeit_ring〉 (last accessed November 8, 2013).
Manufacturing.net, 2012. History of Supply Chain Management. 〈http://www.manufacturing.net/articles/2012/05/history-of-logistics-and-supply-chain-management〉.
McMillan, R., 2007. Seagate Ships Virus-laden Hard Drives. (November 13) 〈http://www.pcworld.com/article/139576/article.html〉 (last accessed November 10, 2013).
McMillan, R., 2010. Woman Helped Sell Fake Chips to U.S. Military. PCWorld. (November 23) 〈http://www.pcworld.com/article/211428/article.html〉.
National Public Radio, 2011. China’s Cyber Threat a High-Stakes Spy Game. (November 27) 〈http://www.npr.org/2011/11/27/142828055/chinas-cyber-threat-a-high-stakes-spy-game〉 (last accessed November 8, 2013).
NSS Labs, 2013. Invitation to “Securing the Future” Summit (December).
NIST, 2013. Discussion Draft of the Preliminary Cybersecurity Framework. National Institute of Security and Technology. (August 28) 〈http://www.nist.gov/itl/upload/discussion-draft_preliminary-cybersecurity-framework-082813.pdf〉 (last accessed December 8, 2013).
Oltsik, J., Gahm, J., McKnight, J., 2010. Assessing Cyber Supply Chain Security Vulnerabilities Within the U.S. Critical Infrastructure. (November 28) 〈http://www.enterprisestrategygroup.com/2010/11/cyber-supply-chain-security-research-report/〉. (last accessed November 10, 2013).
Open Group, 2011. U.S. Resilience Project. Cyber Supply Chain Risks, Strategies, and Best Practices, Chapter 4 〈http://www.usresilienceproject.org/workshop/participants/pdfs/USRP_Resources_Chapter_4_022812.pdf〉 (last accessed November 10, 2013).
PCAST, 2013. Immediate Opportunities for Strengthening the Nation’s Cybersecurity. President’s Council of Advisors on Science and Technology. (November) 〈http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_cybersecurity_nov-2013.pdf〉.
PRTM, 2006. SCOR Metrics Powerpoint Presentation. (September).
Ramage, 2009, Norbert and Gregory, Inf. Commun. Soc., 12, 735, 10.1080/13691180902956868
2012
SCRLC, 2013. Supply Chain Risk Management Maturity Model. Supply Chain Risk Leadership Council. (May) 〈http://www.scrlc.com〉 (last accessed November 8, 2013).
SEC, 2012. Author Interviews with Securities and Exchange Commission Staff (March, 2012).
Simpson, S. (Ed.), 2010. Software Integrity Controls: An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain. Software Assurance Forum for Excellence in Code. (June 14) 〈http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf〉 (last accessed November 10, 2013).
Storch, T., 2011. Toward a Trusted Supply Chain: A Risk-Based Approach to Managing Software Integrity. Microsoft Corp. (July 26) 〈http://www.microsoft.com/download/en/details.aspx?id=26828〉 (last accessed November 10, 2013).
Symantec, 2013a. 2013 Internet Security Threat Report, vol. 18. 〈http://www.symantec.com/security_response/publications/threatreport.jsp〉.
Symantec, 2013b. Symantec Internet Security Threat Report Reveals Increase in Cyberespionage—Including Threefold Increase in Small Business Attacks. News Release, April 16. 〈http://www.symantec.com/about/news/release/article.jsp?prid=20130415_01〉 (last accessed November 8, 2013).
Treadway Commission, 2004. Committee of Sponsoring Organizations of the Treadway Commission (COSO), Enterprise Risk Framework Executive Summary, p.2. 〈www.coso.org/documents/coso_erm_executivesummary.pdf〉.
WhatIs.com. TechTarget. 〈http://whatis.techtarget.com/definition/cybersecurity〉.
PwC, 2012. Cyber Security M&A: Decoding deals in the global Cyber Security industry. (November) 〈http://www.pwc.com/gx/en/aerospace-defence/publications/cyber-security-mergers-and-acquisitions.jhtml〉 (last accessed November 8, 2013).