Information Systems for Supply Chain Management: Uncertainties, Risks and Cyber Security
Rosmini (200201072134)
Abstract
To identify the most effective strategies for information support of the supply chain, attention should focus on identifying and managing the sources of uncertainty, risk and cyber security issues. To successfully integrate business processes between suppliers and customers, manufacturers must solve the complex problem of information security. The main practical results are a new approach to the identification and prediction of supply risk under conditions of uncertainty, and a complex solution for securing data in information systems for supply chain management.
Introduction
An SCM system makes it possible to satisfy demand for the company's products significantly better and to significantly reduce the costs of logistics and purchasing. SCM covers the entire cycle of raw material purchasing, production and product distribution.
A well-functioning supply chain helps to improve the planning system, optimize warehouse inventory, make timely deliveries, match supply to demand, reduce costs and, as a result, increase the company's market value. Current trends in the development of SCM technologies are defined by the enormous possibilities of the Internet. The chains of manufacturers, suppliers, contractors, transport and trading companies are closely intertwined and already form real online networks. Companies merge into a business community, and the boundaries between them disappear. However, joint activities become transparent, and participants can quickly adapt to customer requirements and quickly bring new products to market using advanced methods of prediction and planning. The Internet is the simplest, cheapest and most efficient technological means of managing and controlling partner networks. Companies usually start by combining the simplest activities using email and workflow automation systems, then move on to virtual docking of the most important business processes, and finally merge into one virtual corporation within which the entire network is synchronized. This is already a transition to global e-commerce, in which all business transactions and payments are arranged through the Web without exception.
For example, such a network system can minimize the impact of almost any negative external influence and create new products much faster than competitors. One of the first corporations that successfully switched to parallel design of its products by uniting development teams from different countries is Hewlett-Packard.
However, in spite of the obvious advantages of Web Supply Management, it carries a huge amount of uncertainty and cyber security risk. Ineffective security practices include slow fixing of known vulnerabilities, unlimited privileged access to cloud systems, and unmanaged end devices and infrastructure.
The use of proxy servers is often an integral part of the implementation and operation of Supply Chain Management. Proxy servers have existed since the inception of the Internet, and their functionality has developed directly with it. Today, information security specialists use proxy servers when scanning content to identify potential threats that search for vulnerable Internet infrastructure or network weaknesses that allow hackers to gain unauthorized access to Supply Chain Management systems, penetrate them and conduct their campaigns.
Types of vulnerabilities: Ways to conduct web-attacks
Table 1 shows the most common types of malicious software that hackers used from November 2017 to May 2018. The list given in Table 1 contains a number of the most reliable and cost-effective methods for compromising a large number of users of Supply Chain Management.
Spyware
Spyware providers advertise their software as legal tools that provide useful services and adhere to end-user license agreements. It is usually installed on a computer without the user's knowledge. In a corporate environment, spyware poses a number of potential security risks. Once installed, it monitors internet activity, tracks login credentials and stores sensitive information. The main purpose of spyware is usually to obtain credit card numbers, banking information and passwords.
Today, business email compromise is the most profitable way to get a lot of money from a business. In its simplest version, a business email compromise campaign delivers email to employees of financial departments who can send funds via bank transfer. Hackers usually research the hierarchy of the company and its employees, for example using profiles in social networks, and map the management chain. The message may appear to be a letter from the CEO or another top manager asking the employee to transfer a non-cash payment to a prospective business partner or supplier. Since messages aimed at compromising business email do not contain malicious or suspicious links, they can usually evade almost all, even the most sophisticated, threat defenses.
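The following added example (not part of the original slides) shows header and wording checks for the business email compromise pattern described above, where the message carries no link for content scanning to inspect. The corporate domain, executive name, keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: corporate domain, executive names, keywords.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT_TERMS = re.compile(r"\b(wire|bank transfer|payment|invoice)\b", re.I)
URL = re.compile(r"https?://", re.I)

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def assess_message(raw):
    """Assess one single-part text message on header and wording signals."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()
    signals = []
    # Display name of an executive, but the address is outside the company.
    if name.strip().lower() in EXECUTIVES and domain_of(sender) != CORP_DOMAIN:
        signals.append("executive_name_external_sender")
    # Replies would go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        signals.append("reply_to_domain_mismatch")
    if PAYMENT_TERMS.search(body):
        signals.append("payment_request")
    identity = [s for s in signals if s != "payment_request"]
    return {
        "signals": signals,
        "has_links": bool(URL.search(body)),  # what a link scanner would see
        "hold_for_review": bool(identity) and "payment_request" in signals,
    }

# Constructed sample messages (not real traffic).
BEC_SAMPLE = (
    'From: "Jane Doe" <jane.doe@examp1e-corp.test>\n'
    "Reply-To: <jane.doe@freemail.test>\n"
    "To: accounts@example.com\n"
    "Subject: Supplier payment today\n"
    "\n"
    "Please arrange a bank transfer to our new supplier today.\n"
)
NORMAL_SAMPLE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "To: accounts@example.com\n"
    "Subject: Monday agenda\n"
    "\n"
    "Agenda is at https://intranet.example.com/agenda\n"
)

if __name__ == "__main__":
    for sample in (BEC_SAMPLE, NORMAL_SAMPLE):
        print(assess_message(sample))
```

The first sample is held for review even though it contains no link, because the sender identity and the payment wording are checked instead of the content.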
DevOps services
DevOps is a development principle for coordinating teams, namely the development team and the operations team, effectively and efficiently. Although SCM systems are in their own way proprietary IC, they are based on free or shareware DevOps services. This concept covers technologies such as Docker, MySQL, MariaDB and other popular DevOps components. In January 2017, hackers began to encrypt publicly available instances of MongoDB and demand a ransom for decryption. Later, hackers began to encrypt other types of databases, such as CouchDB and Elasticsearch. DevOps services are often vulnerable because they are intentionally left open to facilitate access by legitimate users. About 75% of CouchDB servers can be classified as maximally open. As in the case of CouchDB, over 75% of Elasticsearch servers can be classified as maximally open. Unlike CouchDB, only an extremely small part of these servers may contain personal data. Docker is a software platform whose operators paid great attention to security from the very beginning. However, despite these efforts, over 1,000 Docker instances are maximally open.
IoT
The Internet of Things is the interconnection of physical devices, vehicles, buildings and other items that have built-in electronics, software, sensors and actuators and are able to connect to the network, allowing them to collect data and share it. The Industrial Internet of Things means only connected devices within a production control network, as opposed to a corporate IT network or datacenter. However, as it grows, the security risk to organizations and users increases. Security, as a rule, does not have top priority when IoT devices are created. Many of these devices are far behind desktop systems in terms of security and have vulnerabilities whose fixing can take months or even years.
The security of IoT devices is made more difficult by the fact that information security specialists may not comprehend the nature of the alarms coming from these devices. In addition, it is not always clear who among the company's employees is responsible in case of attacks on IoT. The teams responsible for implementing these technologies, as a rule, leave the organization after the project is implemented.
Cloud technologies
The cloud is a new area for hackers, who are actively exploring it in order to gain new potential for their attacks. Hackers realize that cloud systems are vital for many Web Supply Management systems. Modern dynamic networks provide more opportunities for attack, creating new security risks and reducing the possibility of control. In addition, unauthorized and so-called shadow IT devices and applications create problems. Companies underestimate the risk of loopholes in their corporate network, cloud and end-device infrastructure. Even a simple router, firewall or segmentation misconfiguration can allow a hacker to break into the infrastructure and gain access to confidential data.
Conclusion
Organizations need real-time security context analysis to ensure easy control. In the absence of solutions that provide real-time monitoring and leak path detection, attackers can move around the network without being noticed. In addition, organizations must test their segmentation policies and implement robust tools to verify the effectiveness of such policies.
If security teams can only check against snapshots or old lists of managed devices, they can miss at least 20% of devices physically connected to the network via a wired connection. Such inventories should be regular and automatic, as the corporate network, cloud infrastructure and end-device infrastructure are constantly changing and cannot be effectively monitored by staff manually.
The technological infrastructure of the transport industry has traditionally been based on closed, proprietary systems. Today, the industry is moving to modern network connections. It is necessary to move to connected IP systems because existing systems are complex and require expensive maintenance. In addition, consumers are waiting for new secure and mobile services that the existing communication infrastructure cannot offer.