A Systematic Method for Constructing ICT Supply Chain Security Requirements

A Systematic Method for Constructing ICT Supply Chain Security Requirements

연구 분야: Verification

학회: International Symposium on Emerging Information Security and Applications

This paper studies how to construct Information and Communication Technology (ICT) supply chain security requirements from the perspective of ICT supply chain security assurance. Firstly, the security environment of ICT supply chain is established through ICT supply chain relationship, product life cycle stages, security driving factors and security properties. Then it is proposed to derive ICT supply chain security requirements from regulatory requirements and security best practices, each requirement is validated through the Asset-Threat-Objective-Requirement (ATOR) methodology, and 10 categories of 100 items of ICT supply chain security requirements are established in this way. Finally, the application scenarios and usages of ICT supply chain security requirements are described.