@article {887, title = {Building Cyber-Resilience into Supply Chains}, journal = {Technology Innovation Management Review}, volume = {5}, year = {2015}, month = {04/2015}, pages = {19-27}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {The article discusses how an organization can adopt an information-centric approach to protect its information shared in one or more supply chains; clearly communicate the expectations it has for a direct (Tier 1) supplier to protect information; and use contracts and measurement to maintain the protection desired. Building on this foundation, the concept of resilience {\textendash} and that of cyber-resilience {\textendash} is discussed, and how an information-centric approach can assist in creating a more cyber-resilient supply chain. Finally, the article concludes with five steps an organization can take to improve the protection of its information: i) map the supply chain; ii) build capability; iii) share information and expertise; iv) state requirements across the supply chain using standards, common frameworks, and languages; and v) measure, assess, and audit.}, keywords = {cyber-resilience, cybersecurity, direct suppliers, indirect suppliers, information-centric approach, procurement, requirements, resilience, supply chain, Tier 1 suppliers}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/887}, url = {http://timreview.ca/article/887}, author = {Adrian Davis} }