Cybersecurity Supply Chain Risk Management Using NIST SP 800-161r1
DOI: https://doi.org/10.30865/klik.v3i6.799
Keywords: Security; NIST SP 800-161r1; Supply Chain; Risk
Abstract
Supply chain security issues are tied to the product life cycle of an information system, so they can undermine the success of a company. There is currently a paucity of analytical and decision-support tools for analysing the security of supply chains. The purpose of this research was to determine the maturity level of supply chain risk management so that the results can inform mitigation and improve decision support for minimising supply chain risk in a company. The research proceeded through a literature study, problem identification, data collection, and data analysis. Data were collected with a Likert-scale questionnaire whose items refer to NIST SP 800-161r1. The data were analysed with descriptive statistics to characterise the maturity level of cybersecurity supply chain risk management. The results showed that the company's cybersecurity supply chain risk management maturity, assessed against NIST SP 800-161r1, was at level 3, the Defined level. These findings lead to a recommendation that the company improve the contingency planning aspect, which had the lowest gap score, especially for every product change activity carried out in the system.
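The abstract describes the measurement method only in outline: Likert-scale responses, descriptive statistics per practice area, a mapping to a maturity level, and a gap against a target level that singles out the weakest area. The following is an added worked example of that method, written for this page; it is not code from the paper or its authors. The 5-point scale, the practice-area names, the rule of rounding a mean score to the nearest level, the target level of 4, and the respondent data are all assumptions constructed for illustration, not values taken from the study.

```python
"""
Maturity scoring and gap analysis over Likert-scale questionnaire responses.

Constructed illustration of the workflow the abstract outlines: each question
is answered on a 5-point Likert scale, responses are averaged per practice
area, the mean is mapped to a CMMI-style maturity level (1 Initial .. 5
Optimizing), and the gap to a target level ranks the areas for remediation.
All names, scales, thresholds and sample data here are assumptions.
"""
from statistics import mean

# Assumed level names; the abstract only names level 3 ("Defined").
LEVEL_NAMES = {
    1: "Initial",
    2: "Managed",
    3: "Defined",
    4: "Quantitatively Managed",
    5: "Optimizing",
}


def score_practice(responses):
    """Mean Likert score for one practice area; rejects empty or out-of-range input."""
    if not responses:
        raise ValueError("no responses for practice area")
    for r in responses:
        if not 1 <= r <= 5:
            raise ValueError(f"Likert response out of range 1..5: {r}")
    return mean(responses)


def maturity_level(score):
    """Map a mean score to a level by rounding to the nearest integer (assumed rule)."""
    return max(1, min(5, int(round(score))))


def gap_analysis(survey, target_level=4):
    """Per-practice score, level and gap to target, sorted worst (most negative gap) first."""
    rows = []
    for practice, responses in survey.items():
        s = score_practice(responses)
        lvl = maturity_level(s)
        rows.append({
            "practice": practice,
            "score": round(s, 2),
            "level": lvl,
            "level_name": LEVEL_NAMES[lvl],
            "gap": round(s - target_level, 2),
        })
    rows.sort(key=lambda r: r["gap"])
    return rows


def overall_level(survey):
    """Organisation-wide level: mean of the practice-area means, then mapped to a level."""
    scores = [score_practice(r) for r in survey.values()]
    return maturity_level(mean(scores))


# Constructed sample: five respondents per practice area
# (1 = strongly disagree .. 5 = strongly agree). Practice names are assumed.
SAMPLE_SURVEY = {
    "Supplier risk assessment": [3, 4, 3, 4, 3],
    "Configuration management": [3, 3, 4, 3, 3],
    "Contingency planning": [2, 2, 3, 2, 2],
    "Incident response": [3, 3, 3, 4, 3],
}

if __name__ == "__main__":
    for row in gap_analysis(SAMPLE_SURVEY):
        print(f"{row['practice']:26} score={row['score']:.2f} "
              f"level={row['level']} ({row['level_name']}) gap={row['gap']:+.2f}")
    lvl = overall_level(SAMPLE_SURVEY)
    print("Overall maturity:", lvl, LEVEL_NAMES[lvl])
```

With the constructed sample the organisation lands at level 3 (Defined) and contingency planning is ranked first for remediation because its gap is the most negative; a real assessment would substitute the questionnaire items actually mapped to SP 800-161r1 practices and the target level chosen by the organisation.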
Copyright (c) 2023 Rahmi Aulia Astri, Muhammad Jazman, Syaifullah, Eki Saputra

This work is licensed under a Creative Commons Attribution 4.0 International License.