Identifying Information Security Risks in the Supply Chain

Why Should You Attend:

A firm’s climate and linked environment should reflect a culture promoting cross-process cooperation and teamwork, supporting compliance and continuous process improvement, and managing process variations well. Supply chain (external) and business processes (internal) strategies should reflect connectivity and rational selection. Thereby, the integration of information flows is a prerequisite to aligning and streamlining processes. Whereas the integration of commodity flows lessens waste and improves the efficiency of inter-firm processes. Thus, preventively, achieving internal and external process integration alignment with appropriate information security controls is imperative under current business environment conditions.

Security threats can hinder or reduce the possibility for business and information technology (IT) objective achievement, value creation and value preservation. Designing and maintaining appropriate information security governance risk management requires proportional assessments of implemented IT general and application controls. As general and application security categories, major risks to an organization implementing and using IT are deficient logical access controls and weak network infrastructure security. Furthermore, inappropriate environmental controls, misaligned risk responses, and inadequate physical access controls are significant risks to an organization implementing and using supply chain IT. Moreover, ineffective confidential information life cycle protection is a major risk to an organization implementing and using supply chain IT.

Firms typically design and deploy supply chain process integration for achieving specific objectives; while simultaneously, inscribing best-practice solutions to reduce the risk of inappropriate responses to environmental conditions. Frequently, creating value from intellectual and knowledge-based assets encompasses systematizing what employees, partners and customers know, then sharing the resulting information to devise or engage best-practices. Thus, in terms of content, this webinar converts selected standards and best practices into practical applications using detailed examples. This webinar also allows organizational employees to understand various steps and processes required to initiate, document and compile supply chain security risks. Collectively, this webinar presents foundational knowledge for enabling appropriate consideration of the role information system security plays in supporting the supply chain.

Supply chain risk management combines a systematic approach for identifying risk and defining the impact on an enterprise’s ability to provide goods and services. Cascading, an organization’s environment is a significant factor influencing supply chain IT risk management. Management’s business processes and IT risk assessments should assist in determining organizational control intensity. Therefore, management should determine information asset risk magnitude to ensure adequate resource allocations for threats, opportunities, and vulnerabilities that impact the institution. In this regard, supply chain IT risks can affect tangible and intangible assets, including a firm’s: image, reputation, financial instruments, consumer confidence, proprietary information, and competitive advantage. In addressing IT issues, the organization strategy for presenting supply chain information systems security risks will encompass a plan, then the benefits, and last an anecdote.

Areas Covered in the Webinar:

• Forces affecting the supply chain
• Information security principles
• Information security practices
• Strategic information risk considerations
• Tactical information risk considerations
• Operational information risk considerations
• Critical supply chain IT risk assessment success factors
• Evaluating supply chain IT risk countermeasures
• Supply chain risk evaluation tools and techniques

Who Will Benefit:

• Risk Management Managers
• External Auditors
• Internal Auditors
• Supply Chain Managers
• Chief Information Officers
• Compliance Managers
• Chief Information Security Officers

Robert E. Davis
Professor, Temple and West Chester University

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology.

Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information system auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.

Follow us :