Supplier Development Framework in Supply Chain Cybersecurity Evaluation of Small and Medium-sized Enterprises
Author(s)
Chang, Erh Chieh
DownloadThesis PDF (2.589Mb)
Advisor
Pearlson, Keri
Terms of use
Metadata
Show full item recordAbstract
Modern organizations rely on suppliers to meet customer needs and improve operations. However, the interconnectedness between organizations and their suppliers, brought about by digital transformation, has led to an increase in significant cyber breaches. To mitigate these risks, organizations use various methods and tools to both assess and monitor potential threats. Despite this, a gap exists between assessment and monitoring/improvement. The objective of this study is to address the gap between cybersecurity assessment and monitoring/improvement by developing a supplier development process in the supply chain that enhances the cybersecurity capability of small and medium enterprise (SME) suppliers. The theoretical framework is built on a literature review, anecdote evidence and best practices in supply chain management, and feedback from industry experts. The framework is a four-stage process that enhances the cybersecurity capability of SME suppliers by improving their security posture, providing training, and fostering collaboration between suppliers and clients. The study highlights the importance of collaborative capability building between client organizations and suppliers to improve cybersecurity. Future research can focus on developing this concept further and exploring its implementation in various industries.
Date issued
2023-06Department
System Design and Management Program.Publisher
Massachusetts Institute of Technology