Analysis of Security Behaviors of Supply Chain Professionals
Author
Abstract

Improvements in information technology and developments in AI enable supply chain professionals to improve efficiencies. The digitization of supply chains facilitates integration of upstream and downstream resources but also increases the likelihood of cyber attacks. Existing literature reflects a rapid rise in cyber attacks targeting supply chains, with a significant number of data breaches attributed to employee errors. Therefore, as supply chain professionals pose an insider risk to supply chain cybersecurity, this research delves into their information security behaviors. The objective is to assess the security practices of supply chain professionals and identify strategies for improvement. To that end, we conducted a survey using Amazon Mechanical Turk with 763 usable responses, including 167 individuals from the field of supply chain management. The survey consisted of 27 Likert scale questions, with 16 drawn from the Security Behavior Intentions Scale (SeBIS) and 11 from the Human Aspects of Information Security Questionnaire (HAIS-Q), supplemented by 11 demographic-related queries. Utilizing principles from information theory for analysis, results of this preliminary research reveal significant inconsistency in information security behaviors among supply chain professionals, particularly with Password Generation, Device Securement, and Proactive Awareness. Ultimately, this research is part of a larger project that seeks to provide recommendations for training programs aimed at reducing the risk of incidents or breaches stemming from trusted insider professionals within the supply chain.

Year of Conference
2024
Conference Name
IISE Annual Conference and Expo
Number of Pages
6
Date Published
05/2023
Publisher
Institute of Industrial and Systems Engineers
Conference Location
Montreal, Quebec, Canada
Google Scholar | BibTeX