{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:26:07Z","timestamp":1763663167047},"reference-count":33,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,10,1]]},"abstract":"<p>Information technology (IT) supply chains are subject to security risks even during the most stable of economic times. However, when economies come under stress due to brisk growth or rapid contraction, IT supply chains become greater targets for nefarious players, be they employees, hackers, terrorists or nation states, for a variety of reasons. Maintaining both cyber and physical security of owned systems and facilities, over which you have direct control, is difficult and expensive enough under normal conditions. However, attempting to preserve adequate levels of security over third parties, be they process outsourcers, product vendors or contractors, is much more challenging and can be extremely costly in time, money and resources. It is also fraught with organizational, social, economic, political, geographical and contractual challenges. In this paper, the authors list a broad range of potential IT-related security risks and suggest how they might become exacerbated during times of economic stress. Mitigation of these risks may call for extreme measures. Some actions are reasonable and straightforward to implement, whereas others require substantial effort and indeed may not be achievable under current legal and regulatory conditions. 
The authors offer recommendations for overcoming manageable hurdles, and suggest how some reduction in risk might be attained even in situations where ready solutions are not yet available.<\/p>","DOI":"10.4018\/ijcwt.2013100107","type":"journal-article","created":{"date-parts":[[2014,4,9]],"date-time":"2014-04-09T14:26:13Z","timestamp":1397053573000},"page":"58-73","source":"Crossref","is-referenced-by-count":2,"title":["Security Risks to IT Supply Chains under Economic Stress"],"prefix":"10.4018","volume":"3","author":[{"given":"C. Warren","family":"Axelrod","sequence":"first","affiliation":[{"name":"Delta Risk LLC, Arlington, VA, USA"}]},{"given":"Sukumar","family":"Haldar","sequence":"additional","affiliation":[{"name":"Director of Application Development and Risk Management, Anshinsoft Inc., New York, NY, USA"}]}],"member":"2432","reference":[{"key":"ijcwt.2013100107-0","author":"C. W.Axelrod","year":"2004","journal-title":"Outsourcing information security"},{"key":"ijcwt.2013100107-1","unstructured":"Axelrod, C. W. (2008a). Security and change (pt. 1). Blackouts, April 7, 2008. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-2","unstructured":"Axelrod, C. W. (2008b). Security and change (pt. 2). Black Swans, April 14, 2008. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-3","unstructured":"Axelrod, C. W. (2008c). Security and change (pt. 3). White Knights, April 21, 2008. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-4","unstructured":"Axelrod, C. W. (2008d). IT and Infosec insourcing\u2014Could you do it if you wanted? July 3, 2008. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-5","unstructured":"Axelrod, C. W. (2008e). Security in times of crisis, September 30, 2008. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-6","article-title":"An adaptive threat-vulnerability model and the economics of protection","author":"C. 
W.Axelrod","year":"2009","journal-title":"Social and human elements of information security: Emerging trends and countermeasures"},{"key":"ijcwt.2013100107-7","unstructured":"Axelrod, C. W. (2009b). Investing in software resiliency. Crosstalk Magazine, 22(6), 20-25. Retrieved from http:\/\/www.crosstalkonline.org\/"},{"key":"ijcwt.2013100107-8","unstructured":"Axelrod, C. W. (2009c). Embedded exploits, February 2, 2009. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-9","unstructured":"Axelrod, C. W. (2009d). Satyam\u2014A hot (but not sweet) potato, March 2, 2009. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-10","unstructured":"Axelrod, C. W. (2009e). The state of cyber warfare, December 14, 2009. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-11","unstructured":"Axelrod, C. W. (2009f). EMP\u2014Yet another critical infrastructure concern, December 28, 2009. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-12","unstructured":"Axelrod, C. W. (2010a). Cybergeddon ... Ho hum, March 29, 2010. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-13","unstructured":"Axelrod, C. W. (2010b). Cyber\u2014The 13th event? July 26, 2010. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-14","unstructured":"Axelrod, C. W. (2010c). iSuppli you, you supply me, and the twain shall meet, October 25, 2010. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-15","unstructured":"Axelrod, C. W. (2010d). Software begat hardware begat software begat ... November 8, 2010. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-16","unstructured":"Axelrod, C. W. (2011). Supply chains at risk, April 4, 2011. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-17","unstructured":"Axelrod, C. W. (20012a). Supply chain management and catastrophes, May16,2012. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-18","unstructured":"Axelrod, C. W. (2012b). 
Outsourcing risk and loss of fidelity, June 11, 2012. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-19","unstructured":"Axelrod, C. W. (2012c). Supply chain links, June 25, 2012. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-20","unstructured":"Axelrod, C. W. (2013a). Outsourcing and offshoring\u2014Now insourcing and reshoring, March 12, 2013. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-21","unstructured":"Axelrod, C. W. (2013b). Oil rigs\u2019 software attacked by malware, June 17, 2013. Retrieved from www.bloginfosec.com"},{"key":"ijcwt.2013100107-22","unstructured":"Bayuk, J. (2009). Vendor due diligence. ISACA Journal, 3, 34-38. Retrieved from www.isaca.org"},{"key":"ijcwt.2013100107-23","unstructured":"Berinato, S. (2001). Security outsourcing: Exposed! CIO Magazine, August 1, 2001. Retrieved from www.cio.com"},{"issue":"10","key":"ijcwt.2013100107-24","first-page":"16","article-title":"Corporate accounting fraud: A case study of Satyam Computers Limited.","volume":"3","author":"M. L.Bhasin","year":"2012","journal-title":"International Journal of Contemporary Business Studies"},{"key":"ijcwt.2013100107-25","first-page":"104","article-title":"Security alert: When the economy\u2019s down \u2013 and budgets are stressed \u2013 the threat level rises.","author":"G. K.Campbell","year":"2009","journal-title":"Harvard Business Review"},{"issue":"3","key":"ijcwt.2013100107-26","first-page":"57","article-title":"The risks of outsourcing IT.","volume":"47","author":"M. J.Earl","year":"1996","journal-title":"Sloan Management Review"},{"key":"ijcwt.2013100107-27","unstructured":"GAO (U.S. Government Accountability Office). (2012). IT supply chain: National security-related agencies need to better address risks. GAO-12-361, March 2012. Retrieved from http:\/\/www.gao.gov\/assets\/590\/589568.pdf"},{"key":"ijcwt.2013100107-28","unstructured":"Gorman, S. (2008). Fraud ring funnels data from cards to Pakistan. 
The Wall Street Journal, October 11, 2008. Retrieved from http:\/\/online.wsj.com\/news\/articles\/SB122366999999723871#printMode"},{"key":"ijcwt.2013100107-29","unstructured":"NIST (National Institute of Standards and Technology). (2013). Supply chain risk management practices for federal information systems and organizations. NIST Special Publication Draft 800-161, August 2013. Retrieved from http:\/\/csrc.nist.gov\/publications\/drafts\/800-161\/sp800_161_draft.pdf"},{"key":"ijcwt.2013100107-30","author":"J.Rost","year":"2005","journal-title":"The insider\u2019s guide to outsourcing risks and rewards"},{"key":"ijcwt.2013100107-31","author":"I.Tho","year":"2005","journal-title":"Managing the risks of outsourcing"},{"key":"ijcwt.2013100107-32","unstructured":"Zarrella, E. (2009). Managing IT governance through market turbulence. ISACA Journal, 4. Retrieved from www.isaca.org"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=105193","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T00:07:22Z","timestamp":1654128442000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijcwt.2013100107"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,10,1]]},"references-count":33,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,10]]}},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2013100107","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10,1]]}}}