%0 Journal Article
%J Technology Innovation Management Review
%D 2015
%T Building Cyber-Resilience into Supply Chains
%A Adrian Davis
%K cyber-resilience
%K cybersecurity
%K direct suppliers
%K indirect suppliers
%K information-centric approach
%K procurement
%K requirements
%K resilience
%K supply chain
%K Tier 1 suppliers
%X The article discusses how an organization can adopt an information-centric approach to protect its information shared in one or more supply chains; clearly communicate the expectations it has for a direct (Tier 1) supplier to protect information; and use contracts and measurement to maintain the protection desired. Building on this foundation, the concept of resilience – and that of cyber-resilience – is discussed, and how an information-centric approach can assist in creating a more cyber-resilient supply chain. Finally, the article concludes with five steps an organization can take to improve the protection of its information: i) map the supply chain; ii) build capability; iii) share information and expertise; iv) state requirements across the supply chain using standards, common frameworks, and languages; and v) measure, assess, and audit.
%B Technology Innovation Management Review
%I Talent First Network
%C Ottawa
%V 5
%P 19-27
%8 04/2015
%G eng
%U http://timreview.ca/article/887
%N 4
%1 (ISC)2 Adrian Davis, PhD, MBA, FBCS CITP, CISSP, heads the Europe, Middle East, and Africa (EMEA) team for (ISC)2, the global, not-for-profit leader in educating and certifying information security professionals throughout their careers. His role is to deliver the (ISC)2 vision of inspiring a safe and secure cyber-world and its mission of supporting and providing members and constituents with credentials, resources, and leadership to secure information and deliver value to society. Before working for (ISC)2, Adrian delivered practical business solutions to over 360 blue-chip multinational clients for the Information Security Forum. His expertise included: managing information security in supply chains; information security governance and effectiveness; the relationship between information security and business continuity; and possible near-term threats to organizations. Adrian regularly attends and chairs conferences and contributes articles for the press. He also contributed to the development of ISO/IEC 27014: Governance of Information Security and currently acts as a co-editor for ISO/IEC 27036 Information Security in Supplier Relationships, Part 4: Guidelines for Security of Cloud Services.
%R http://doi.org/10.22215/timreview/887