Published August 17, 2021 | Version v1
Conference paper Restricted

Information Security Assessment and Certification within Supply Chains

  • 1. University of Minho


Cybersecurity threats have been on the rise lately, along with the digital revolution. In the industrial area and the supply chains, the disruptions that have already occurred require the search for solutions that minimize the impact of those threats without hampering the digital transformation, equally and globally recognized as bringing enormous benefits. At the heart of the solutions is the ability to manage information security conveniently. To this end, it is essential to put a safety assessment program in place using a set of appropriate metrics. In this article and through an analysis of work already carried out in the area, we propose a metrics framework suitable for supply chains and in the industrial context. Additionally, and to promote the level of trust between the nodes of a supply chain, it is also elaborated on a model of continuous safety assessment, using the same metrics and goals related to certification (based on the IEC 62443 standard). In addition to the contribution to the trust level, the proposed framework can also facilitate the certification process from the perspective of the technological infrastructure. The work is part of a European project (FISHY) that aims to increase resilience in supply chains.



The record is publicly accessible, but files are restricted to users with access.

Request access

If you would like to request access to these files, please fill out the form below.

You need to satisfy these conditions in order for this request to be accepted:

Request to authors

You are currently not logged in. Do you have an account? Log in here

Additional details


FISHY – A coordinated framework for cyber resilient supply chain systems over complex ICT infrastructures 952644
European Commission