Supply chain risk management: a comparison of NIST SP 800-161r1 and ISO 27036

Keywords
NIST SP 800-161r1; ISO/IEC 27036-2; Supply chain; Risk management; NIS2

Abstract
Supply chain security is becoming increasingly critical in the modern digital era, as organizations depend heavily on external providers of technology and services. This study delivers an in-depth analysis and comparative assessment of two significant security frameworks addressing supply chain protection, NIST SP 800-161 Revision 1 and ISO/IEC 27036, with the objective of highlighting their suitability, comprehensiveness, and practical applicability.
The research begins with an overview of cybersecurity in the supply chain, the threats organizations face, and the regulatory requirements introduced by the NIS2 Directive. It then proceeds with a detailed analysis of the structure, principles, and procedures defined in both standards. The methodology adopted is based on the development of a quantitative evaluation framework comprising ten (10) categories of assessment criteria with associated indicators.
The comparative evaluation revealed that NIST SP 800-161r1 demonstrates superiority in terms of practical implementation and the integration of Cyber Supply Chain Risk Management (C-SCRM) into an organization's operational processes. ISO 27036, on the other hand, provides a more prescriptive and procedural framework, focusing on the definition and enforcement of requirements by the parties involved. The convergence of both standards is proposed as an optimal approach to strengthening the cyber resilience of supply chains.
The study concludes with findings that underscore the importance of multi-layered risk management, the alignment of compliance with business objectives, and the need for future research into evaluation methods and supporting tools for managing supply chain risks.