Abstract
The growing frequency of cyber-attacks on supply chains has jeopardized organizational integrity and data security, underscoring the need to strengthen Cyber Supply Chain Risk Management (CSCRM) frameworks. This paper explores the application, effectiveness, and challenges of three key frameworks—ISO, NIST, and NIS2—in mitigating third-party risks within the cyber supply chain. Using an empirical research approach, data was collected from domain experts in the field of information security. The analysis focuses on how effectively these frameworks enhance organizational data security and the practices surrounding their adoption and implementation. This study contributes valuable insights to CSCRM practices, offering actionable findings for organizations seeking to bolster their cyber defenses. The results also provide policymakers with a deeper understanding of the challenges that need to be addressed for future improvements in CSCRM frameworks.
| Original language | English |
|---|---|
| Pages (from-to) | 591-599 |
| Number of pages | 9 |
| Journal | Procedia Computer Science |
| Volume | 263 |
| Publication status | Published - 2025 |
| Externally published | Yes |
| Event | 2024 International Conference on Industry Sciences and Computer Science Innovation, iSCSi 2024 - Porto, Portugal; Duration: 29 Oct 2024 → 31 Oct 2024 |
Bibliographical note
Publisher Copyright: © 2025 The Authors. Published by Elsevier B.V.
Keywords
- Cyber Supply Chain Risk Management (CSCRM)
- Cybersecurity frameworks
- ISO
- NIS2
- NIST
- Third-party cyber risks