A Master of Science in Engineering Systems Management thesis submitted by Ahmed Maher Al-Nunu, entitled "Modeling and Analysis of Information Security in Supply Chain Management," June 2006. Both soft and hard copies of the thesis are available.
This research presents a quantitative information security model that uses measurable values to describe the security of information systems in supply chain management (SCM). The security of supply chain management concerns the security of the various interactions among many drivers. Each driver requires a different security level relevant to the services it contributes to the overall supply chain. This research proposes a security model in which each of the basic goals of security, i.e., confidentiality, integrity, availability and accountability, is assigned a different weight appropriate to the driver's mission. A semi-Markov chain model is used to describe the probabilistic nature of the different security levels for each driver in the SCM system. A transition matrix representing the semi-Markov chain model of each driver is developed. Then, a system-wide security measure for SCM is produced using the transition matrices of each agent to reach steady-state probabilities of the organization's information security. A comparison of the steady-state security of the SCM model under different levels of attack is presented, and the results obtained are then analyzed. To achieve a more reliable and secure SCM information system, each driver should have full control, feedback, availability and recovery for its own security. However, there is a tradeoff between process integration and the security of the information shared among all drivers. There is a demand for a tool that measures the security level of each driver and its impact on the other drivers' security. This model is used to present several scenarios with different levels of attackers. The model has been tested for an SCM with four drivers, where each driver has a different mission, so the authors assigned different values of confidentiality, integrity, availability and accountability to each driver as deemed relevant to its mission. In addition, seven levels of attackers (5%, 20%...95%) were tested to present different security responses.
The model is run to steady state for all combinations. The outcome of this research shows that the sharing of security and information in the SCM has been improved at all levels of attack. An individual driver exposed to a higher risk of attack can lead to a higher vulnerability of the SCM. In addition, this model has been tested for wider applications such as electronic commerce systems and multi-agent organizations.
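The steady-state calculation the abstract describes can be sketched for a single driver as follows. This is an added example, not code or data from the thesis: the four states, the transition probabilities, the mean sojourn times, the per-state goal levels and the driver's weights are all constructed assumptions, and only the attacker levels 5%, 20% and 95% come from the abstract.

```python
# Added illustration: every state, probability, sojourn time, level and weight
# below is a constructed assumption, not a value taken from the thesis.
STATES = ["secure", "under_attack", "compromised", "recovering"]
MEAN_SOJOURN_H = [100.0, 2.0, 10.0, 5.0]  # mean hours spent per visit to each state
# How well each goal is preserved in each state (1.0 = fully preserved), in the
# order confidentiality, integrity, availability, accountability.
LEVELS = [
    [1.0, 1.0, 1.0, 1.0],  # secure
    [0.8, 0.9, 0.6, 1.0],  # under_attack
    [0.1, 0.2, 0.3, 0.5],  # compromised
    [0.5, 0.7, 0.2, 0.8],  # recovering
]
DRIVER_WEIGHTS = [0.4, 0.3, 0.2, 0.1]  # hypothetical driver's mission weights (sum to 1)

def embedded_matrix(a):
    """Jump-chain transition matrix for attacker level a (chance an attack succeeds)."""
    return [
        [0.0, 1.0, 0.0, 0.0],    # secure -> under_attack
        [1.0 - a, 0.0, a, 0.0],  # attack repelled, or driver compromised
        [0.0, 0.0, 0.0, 1.0],    # compromised -> recovering
        [1.0, 0.0, 0.0, 0.0],    # recovering -> secure
    ]

def embedded_stationary(P, iters=500):
    """Stationary distribution of the jump chain. The chain is periodic, so the
    iteration uses the lazy chain (I + P) / 2, which has the same stationary vector."""
    n = len(P)
    nu = [1.0 / n] * n
    for _ in range(iters):
        stepped = [sum(nu[i] * P[i][j] for i in range(n)) for j in range(n)]
        nu = [0.5 * (x + y) for x, y in zip(nu, stepped)]
    return nu

def steady_state(a):
    """Semi-Markov steady state: jump-chain probabilities weighted by sojourn time."""
    nu = embedded_stationary(embedded_matrix(a))
    weighted = [v * h for v, h in zip(nu, MEAN_SOJOURN_H)]
    total = sum(weighted)
    return [w / total for w in weighted]

def security_score(a, weights=DRIVER_WEIGHTS):
    """Long-run weighted security level of the driver, between 0 and 1."""
    per_state = [sum(w * l for w, l in zip(weights, row)) for row in LEVELS]
    return sum(p * s for p, s in zip(steady_state(a), per_state))

if __name__ == "__main__":
    for a in (0.05, 0.20, 0.95):  # attacker levels named in the abstract
        shares = dict(zip(STATES, (round(p, 4) for p in steady_state(a))))
        print(f"attacker {a:.0%}: score {security_score(a):.4f} {shares}")
```

The sketch covers one driver only; the abstract does not say how the per-driver matrices are combined into the system-wide measure, so that step is left out.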