| With the rapid development of Internet technology,supply chain management has become more and more globalized and complicated.New risks and vulnerabilities in the supply chain information system lead to network attacks that cannot be ignored at any time in the supply chain.The inevitable cyber attacks will affect many different industrial sectors,from financial services,energy suppliers,high-tech companies and retailers to health care and government.At the same time,the occurrence of network information security accidents will also bring reputation,direct economic,opportunity cost and other losses to enterprises,as well as the harm caused by various kinds of data leakage.In order to improve the information system security of supply chain in cyberspace,this paper studies the information security risk identification and investment response strategies of supply chain in cyberspace on the basis of previous studies and relevant theoretical basis on the premise of risk identification.Specific research work is as follows:Firstly,the related concepts and contents of risk elements,risk sources and risk identification methods are elaborated and analyzed.The main risks of information security of supply chain in cyberspace are hacker attack,joint attack between enterprises and virus transmission,which will inevitably lead to the reduction of supply chain security elasticity and various corresponding losses.Secondly,game analysis of supply chain enterprise access.When retailers and information security service providers are both in the negative supervision,the incumbent enterprise retailers should carefully consider whether to choose to cooperate with the incoming enterprise suppliers.When retailers act actively and information security service providers act negatively,it is in line with the real market situation of information security outsourcing service of supply chain.Retailers and information security service providers are active as the supply chain information security management ideal state.This paper analyzes the information security construction of upstream and downstream enterprises' joint investment in the supply chain.Three kinds of information security construction mechanism are designed,namely,supplier is responsible alone under discrete decision,supplier and retailer are responsible together and supplier is responsible alone under reward and punishment.When the supplier is solely responsible for information security construction,the investment in intrusion prevention subsystem is too much,but the investment in intrusion detection subsystem cannot reach the optimal social welfare.When suppliers and retailers are jointly responsible for the construction of information security,neither the input level of subsystem nor the supply chain income can reach the optimal social welfare.When the supplier based on rewards and punishments is solely responsible for information security construction,the investment level of the subsystem reaches the optimal level of social welfare and realizes the coordination and cooperation of upstream and downstream investment in different subsystems.Finally,using the master-slave game theory of stackelberg,a two-level supply chain with the retailer as the leader and the supplier as the follower is constructed,and the enterprise cooperation contract of the common proportional risk allocation and fixed proportion risk allocation in the construction of supply chain information security is designed,and the conclusion is simulated and verified numerically.In the two kinds of cooperation contracts,only the fixed proportion of risk allocation contract can make the supply chain enterprises to network security investment and various benefits can reach the optimal level of society.This paper aims at the problem of information security risk of supply chain in cyberspace,based on the identification and analysis of information security risk in cyberspace,and studies the supply chain enterprise access mechanism,investment response mechanism and cooperation and coordination contract under different risk conditions,so as to provide certain theoretical guidance for the operation decision of enterprises. |
PDF Full Text Request