Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Technology Product (Internal Audit and IT Audit)

Ken Sigler, Dan Shoemaker, Anne Kohnke

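  • Publisher: CRC
  • Publication date: 2017-11-07
  • List price: $6,720
  • VIP price: $6,384 (95% of list price)
  • Language: English
  • Pages: 302
  • Binding: Hardcover
  • ISBN: 1138197351
  • ISBN-13: 9781138197350
  • Overseas special-order book (requires separate checkout)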

Product description

The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply chain and how to build auditable trust into the products and services acquired by the organization. It details a capability maturity development process that will install an increasingly competent process and an attendant set of activities and tasks within the technology acquisition process. It defines a complete and correct set of processes, activities, tasks and monitoring and reporting systems.
