Abstract
As organizations deepen their reliance on external service providers and digital supply chains, third-party and supply chain cybersecurity risk management has become a strategic priority. While numerous international documents (such as standards, frameworks, and regulations) address aspects of third-party risk, their fragmented nature poses integration challenges, making implementation complex and inconsistent. To address this challenge, this study consolidates the documents related to third-party and supply chain cybersecurity. It then introduces a holistic conceptual framework that addresses this fragmentation by aligning common control themes across the vendor lifecycle. By synthesizing diverse sources into a unified and structured model, the study offers practical value for risk managers, internal auditors, and security leaders seeking to harmonize compliance obligations with effective third-party and supply chain risk management.
Recommended Citation
Akçakaya, Yusuf; Mutlutürk, Meltem; and Metin, Bilgin, "TOWARDS A HOLISTIC CONCEPTUAL FRAMEWORK FOR SUPPLY CHAIN AND THIRD-PARTY CYBERSECURITY RISK MANAGEMENT" (2025). CONF-IRM 2025 Proceedings. 5.
https://aisel.aisnet.org/confirm2025/5