What do you mean, Supply Chain Security? A Taxonomy and Framework for Knowledge Sharing

Supply chain security is a hot topic for research, but the specific phrase supply chain security has different definitions for different groups. This paper presents a brief taxonomy for both the terms supply chain and security, and then explores a basic framework to help describe areas of research in supply chain security. Security is broken down into confidentiality, integrity, and availability; supply chain is detailed as the networks, processes, and elements. By creating a method for describing the research, we can begin to create a framework of the research in supply chain security. This framework allows us to see where prior work has been done and allows us to focus on less-explored areas. It also allows us to compare and translate the supply chain research being performed in one field (electronics), to other fields (e.g. food production, clothing manufacturing)

'Cyber gurus' : a rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection

This paper draws on the psychology of risk and "management guru" literature (Huczynski, 2006) to examine how cybersecurity risks are constructed and communicated by cybersecurity specialists. We conduct a rhetorical analysis of ten recent cybersecurity publications ranging from popular media to academic and technical articles. We find most cybersecurity specialists in the popular domain use management guru techniques and manipulate common cognitive limitations in order to over-dramatize and over-simplify cybersecurity risks to critical infrastructure (CI). We argue there is a role for government: to collect, validate and disseminate more data among owners and operators of CI; to adopt institutional arrangements with an eye to moderating exaggerated claims; to reframe the debate as one of trade-offs between threats and opportunities as opposed to one of survival; and, finally, to encourage education programs in order to stimulate a more informed debate over the longer term

Information sharing in supply chains: a review of risks and opportunities using the Systematic Literature Network Analysis (SLNA)

Purpose – The purpose of this paper is to identify and discuss the most important research areas on information sharing in supply chains and related risks, taking into account their evolution over time. This paper sheds light on what is happening today and what the trajectories for the future are, with particular respect to the implications for supply chain management. Design/Methodology/Approach – The dynamic literature review method called Systematic Literature Network Analysis (SLNA) was adopted. It combines the Systematic Literature Review approach and bibliographic network analyses, and it relies on objective measures and algorithms to perform quantitative literature-based detection of emerging topics. Findings-The focus of the literature seems to be on threats internal to the extended supply chain rather than external attacks, such as viruses, traditionally related to information technology (IT). The main arising risk appears to be the intentional or non-intentional leakage of information. Also, papers analyse the implications for information sharing coming from " soft " factors such as trust and collaboration among supply chain partners. Opportunities are also highlighted and include how information sharing can be leveraged to confront disruptions and increase resilience. Research limitations/implications – The adopted methodology allows providing an original perspective on the investigated topic, i.e. how information sharing in supply chains and related risks are evolving over time due to the turbulent advances in technology. Practical implications-Emergent and highly critical risks related to information sharing are highlighted to support the design of supply chain risks strategies. Also, critical areas to the development of " beyond-the-dyad " initiatives to manage information sharing risks emerge. Opportunities coming from information sharing that are less known and exploited by companies are provided. Originality/value – This study focuses on the supply chain perspective rather than the traditional IT-based view of information sharing. According to this perspective, this study provides a dynamic representation of the literature on the investigated topic. This is an important contribution to the topic of information sharing in supply chains, which is continuously evolving and shaping new supply chain models

Two Studies on The Use of Information Technology in Collaborative Planning, Forecasting & Replenishment (CPFR)

In the 1st study, I seek to determine whether there are trends in the coverage of the use of Information Technology in CPFR in support of Supply Chain Management. I look at the way technology is studied along two dimensions. The first dimension is the function within CPFR—Planning, Forecasting or Replenishment. The second dimension is level at which the study addresses use of the technology, whether at the Operational, Tactical or Strategic level. Within this 3x3 matrix, I seek to prove that studies would primarily fall along a line where the higher the level functions should be served by systems which have a longer-term orientation. This was broadly true, along with an emphasis on studies at the strategic level. Additionally, I find an underrepresentation of Forecasting, especially at the strategic level. The 2nd study seeks to determine the factors affecting IT system use for CPFR, in the real world. I examine the factors affecting system use along two dimensions. The first is along the company-level dimension. There are 3 points along the company-level dimension, defined as follows. Strategic use is defined as use by upper level management who are interested in the long term view of the organization and its processes and products. The Tactical use of IT for CPFR includes use by middle managers at a departmental level for medium term decision making. Operational level IT use covers functions which directly affect individual customers and keep the business running day to day. The second dimension along which system use is examined, is the functional-dimension. There are 3 points along this dimension and they are defined as follows. Use of IT for Planning, based on the VICS standard, is usually, but not exclusively under the purview of senior managers to determine what products to manufacture and the features they should have. Forecasting is done mainly by middle-managers in order to move enough products at the right time, to the right paces, while avoiding over-stocking each product. The Replenishment function is the actual process of moving items to the customer as they are ordered on-line or bought from the shelf. This is typically the job of operational logistics personnel such as purchasing and, shipping and delivery, as well as front-line staff such as customer service, shop-floor attendants or cashiers who interface directly with customers. In examining real world IT use for CPFR, I build on Simmonds, Haines & Li (2013) which looks at the trends and gaps in the IT literature as far as use of IT in CPFR was concerned. The aim is to determine whether the literature lines up with reality, or whether researchers are inherently biased when studying how Information Technology is used to support CPFR. A survey instrument was sent to 4000 senior managers in manufacturing and distribution companies. IT use along the STO dimension (Haines, Hough, & Haines, 2010) and its relationship with Industry characteristics (clock-speed of the industry and technological orientation) will be investigated in the context of the Technology Acceptance Model (TAM) (Fred D. Davis, 1989). Product factors (such as demand variability & luxury nature of the product) which drive IT use (Attaran & Attaran, 2007) along the PFR dimension will be investigated in the context of Technology Task Fit Theory (Goodhue & Thompson, 1995). Intra-firm trust (Frazier, Johnson, Gavin, Gooty, & Bradley Snow, 2010) and its effect on use on the PFR dimension, will be looked at with managerial influence within Innovation Diffusion theory (Rogers, 2010) as a basis. Trust issues including confidence of management in competence of workers and confidence of employees in dependability of IT

Supply chain risk management research agenda: From a literature review to a call for future research directions

Purpose: Supply chain risk has increasingly attracted academic and corporate interest, however the supply chain risk debate in academic literature are rather limited to case and location specific studies. Hence, this paper utilised a systematic literature review to explore the supply chain risk research trends and gaps within the management literature. Design/methodology/approach: To achieve the research objective a systematic literature review (SLR), looking into 25 years since 1990, into supply chain risk management was conducted, which resulted in 114 papers. Findings: While the supply chain risk management literature is growing, results from the systematic literature review identified limited organized understanding of what constitutes holistic supply chain risk process, and high reliance of particular categories for supply chain risk, such as the high reliance on specific country settings (the USA and the UK); limited presence of cross competitive supply chain risk process analysis and challenges in developing conceptual supply chain risk frameworks. Research limitations/implications: The supply chain risk embeds categories of location, scope of supply chain, risk management tools and industry sectors involved, The search for related publications was mainly used from a wide range of coverage from accountancy to design in supply chain risk, hence although there is indication to specific industries, and foci of risk, this could be further explored. Practical implications: This review of supply chain risk management identifies various research gaps and directions for future research to develop theory and practical understanding of supply chain risk. Originality/value: Current literature on supply chain risk have been assessed based on its definition and utilisation. The current paper bridges this gap by synthesizing the diverse academic journal papers into the categories based on design continiuum, relationship continiuum, process continiuum and economic continiuum. In addition it highlighted the gaps in industry context, theoretical contribution, geographic location, and research methods applied and addresses the scope for further research

Modelo conceitual para o gerenciamento de riscos à segurança de instalações portuárias: uma abordagem construtivista

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Produção, Florianópolis, 2015.A atenção para com a proteção de infraestruturas críticas transformou-se em uma preocupação para a consecução de objetivos estratégicos de países e organizações. Com o reconhecimento de normas como o ISPS Code o governo brasileiro passou a exigir das instalações portuárias brasileiras a obrigatoriedade de estruturação de medidas protetivas para o atendimento de demandas pactuadas com entidades internacionais, dentre as quais, o desenvolvimento de planos de análise de riscos à segurança como condição preponderante para a gestão da segurança de instalações portuárias. Neste contexto, a presente pesquisa propõe um modelo para a análise de riscos à segurança de instalações portuárias, aperfeiçoando o entendimento de seus gestores a partir de uma perspectiva multicritério. Para a consecução deste objetivo a presente pesquisa elaborou o mapeamento deste tema; utilizou os pressupostos da metodologia MCDA-C para construiu o modelo conceitual proposto para a análise de riscos à segurança de instalações portuárias; e testou a proposta através de um estudo de caso realizado junto ao Terminal Portuário Santa Catarina. Os resultados apurados ao término da pesquisa evidenciaram contribuições científicas associadas a dois contextos específicos: (i) ao contexto da avaliação de desempenho com a identificação de lacunas de conhecimento e suas consequentes oportunidades de aprimoramento; (ii) ao contexto da norma de gestão de riscos ISO 31.000:2009 com a proposição de processo estruturado para operacionalizar a etapa de análise de riscos a partir da do emprego de MCDA-C, bem como, com o desenvolvimento de uma aplicação informatizada preconizada para este fim.Abstract : The attention to the protection of critical infrastructure became a concern for the achievement of strategic objectives of countries and organizations. With the recognition of standards such as the ISPS Code the Brazilian government began requiring the Brazilian port facilities the requirement for structuring protective measures to meet the agreed demands with international entities, among which, the development of security risk analysis plans as a major condition for managing the security of port facilities. In this context, this research proposes a model for risk analysis to security of port facilities, improving the understanding of its managers from a multi-criteria approach. To achieve this objective, the present study has developed the mapping of this issue; used the premises of the MCDA-C methodology to build our framework for risk analysis to security of port facilities; and tested the proposal through a case study conducted by the Port Terminal Santa Catarina. The results calculated at the end of the survey showed scientific contributions associated with two specific contexts: (i) the performance evaluation context with the identification of knowledge gaps and their consequent opportunities for improvement; (ii) the context of risk management standard ISO 31000: 2009 with the process of proposition structured to operationalize the risk analysis step from the use of MCDA-C as well as with the development of a recommended computerized application to this end

A Digital Forensic Readiness Approach for e-Supply Chain Systems

The internet has had a major impact on how information is shared within supply chains, and in commerce in general. This has resulted in the establishment of information systems such as esupply chains (eSCs) amongst others which integrate the internet and other information and communications technology (ICT) with traditional business processes for the swift transmission of information between trading partners. Many organisations have reaped the benefits that come from adopting the eSC model, but have also faced the challenges with which it comes. One such major challenge is information security. With the current state of cybercrime, system developers are challenged with the task of developing cutting-edge digital forensic readiness (DFR) systems that can keep up with current technological advancements, such as eSCs. Hence, the research highlights the lack of a well-formulated eSC-DFR approach that can assist system developers in the development of e-supply chain digital forensic readiness systems. The main objective of such a system is that it must be able to provide law enforcement/digital forensic investigators that operate on eSC platforms with forensically sound and readily available potential digital evidence that can expedite and support digital forensics incident-response processes. This approach, if implemented can also prepare trading partners for security incidents that might take place, if not prevent them from occurring. Therefore, the work presented in this research is aimed at providing a procedural approach that is based on digital forensic principles for eSC system architects and eSC network service providers to follow in the design of eSC-DFR tools. The author proposes an eSC-DFR process model and eSC-DFR system architectural design that was implemented as part of this research illustrating the concepts of evidence collection, evidence pre-analysis, evidence preservation, system usability alongside other digital forensic principles and techniques. It is the view of the authors that the conclusions drawn from this research can spearhead the development of cutting-edge eSC-DFR systems that are intelligent, effective, user friendly and compliant with international standards.Dissertation (MEng)--University of Pretoria, 2019.Computer ScienceMScUnrestricte

Dynamic triads: service innovation within a supply network

This thesis explores supply network structures, from the perspective of service innovation, over a period of five years (2005-2010). The initiating actor in the network, a financial institution, could be regarded as being the source, or at least the catalyst, for network interactions linked to service innovation. Research underpinning this thesis investigates the nature of network interactions. Of particular interest are interactions that co-created opportunities at the point of knowledge exchange, which in turn led to innovative value propositions. The services sector generates over 70% of Gross Domestic Product (GDP) in developed economies and over 50% in developing ones. Nonetheless, most innovation-related research has focussed on goods rather than services (Paton and McLaughlin, 2008). In studies of services the focus of attention is generally the enabling Information and Communications Technology (ICT) provision. This focus, however, reinforces a goods- dominant view of innovation; namely, that services follow advances in knowledge associated to tangible goods - the ICT. Moreover, most such studies have focused their analysis at the dyad level. Literature reviewed led to a greater understanding of how a service innovation takes places within a supply network, what enables such an innovation, and what characteristics can be associated to a particular level of analysis. Answers contribute to theory building in the field of Supply Chain Management (SCM) field (Madhavan et al., 2004, Wu and Choi, 2005, Dubois and Fredriksson, 2008, Choi and Wu, 2009a, 2009b, Li and Choi, 2009, Wu et al., 2010), by evidencing that dynamic triads within a network are the key to fostering service innovation. Research was exploratory, embracing an inductive theory-building methodology based on a qualitative approach. Altogether, 42 semi-structured interviews were conducted, transcribed and analysed; and 265 documents (hardcopies, electronic files, e-mails and web sites) were examined. Research was undertaken in three stages: initial exploration, in-depth research and findings validation. The method led to an iterative dialogue between data collection and analysis, supported by NVivo, which allowed pattern identification and category coding (labelling). Three issues highlight changes in the triads observed: a focal dyad, roles played by participating actors, and network interactions among actors. Findings helped develop a proposal for the de Vries (2006) service system model—used in literature on services—to include a set of customers, a set of suppliers, a set of buyers and a set of outcomes interacting through their respective competencies and technologies. This model has already been used in service literature, and the enriched model proposed by the researcher is one he argues can strengthen SCM literature