TY - GEN
T1 - A Reference Model for Information Security of Information and Communication Technology Product Supply Chain
AU - Dong, Liangyu
AU - Hong, Sheng
AU - Zhao, Jianing
AU - Wang, Jiacheng
AU - Li, Yang
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Information and Communication Technology (ICT) products are becoming increasingly important in people's daily lives, and cyberspace security issues caused by ICT supply chains have attracted widespread attention. This paper reflects that, even while various contributions were made towards the construction of information security frameworks, there appears still to be an absence of an explicit reference model. The choice of research subject here is ICT supply chains, in which a reference security model framework for cyberspace security of ICT supply chains is discussed. The reference model developed is based on the application of the NIST information security reference model methodology. Conducting a thorough analysis of ICT supply chain structure and information security risk, we categorize the various kinds of information security attacks on the ICT supply chain and catalog them on the security target reference model. This developed model of reference information security shall serve as an excellent articulation of how to boost the confidentiality, integrity, and availability of systems design, analysis, and verification to specific attack types through hacking. Therefore, the research methodology described herein is equally appropriate and transferable for the information security studies of other information systems. Hence, the reference model framework proposed in this research may play an important role in fields related to information security and may promote the development of effective countermeasures against ICT supply chain attacks.
KW - Information Security
KW - Information and Communication Technology
KW - Security Reference Model
KW - Supply Chain security
UR - https://www.scopus.com/pages/publications/105022456036
U2 - 10.1109/MICCIS66057.2025.00024
DO - 10.1109/MICCIS66057.2025.00024
M3 - Conference contribution
AN - SCOPUS:105022456036
T3 - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
SP - 109
EP - 114
BT - Proceedings - 2025 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Conference on Mobile Internet, Cloud Computing and Information Security, MICCIS 2025
Y2 - 11 April 2025 through 14 April 2025
ER -