• an outbreak of fire in a stowed truck;

• a breakdown of racks causing a toxic mix of dangerous goods;

In the presented scenarios, only the product concept and the application of procedures and risk prevention differ. It is the analysis of risks, their causes and their impacts that makes it possible to set up one of the mechanisms of detection and prevention.

The integration of communicating objects such as RFID tags and wireless sensors offers new features for dynamic risk assessment. Sensors are used to detect accident risks: the collected data are transmitted to centralized software that compares them with confidence intervals and, in case of mismatches, sends alerts. Communicating objects are thus used for risk detection and also for risk mitigation. Risk mitigation consists in providing strategic information (involved goods, their quality and quantities, accident place, etc.) to emergency services that can then plan and adapt their intervention.

**Author details**

Omar Gaci and Hervé Mathieu *ISEL, France*

Jean-Pierre Deutsch *LogPro Conseil, France*

Laurent Gomez *SAP, France*

### **7. References**

[1] Christopher, M. (1998). *Logistics and Supply Chain Management: Strategies for Reducing Costs and Improving Services*, Editions Pitman Publishing, ISBN 978-0273630494, London, UK.

[2] Huanjia, Y.; Yang, L.; Yang, S-H. (2011). Hybrid Zigbee RFID sensor network for humanitarian logistics centre management. *Journal of Network and Computer Applications*, Vol. 34, No. 3, 938–948.

[3] Lin, L.C. (2009). An integrated framework for the development of radio frequency identification technology in the logistics and supply chain management. *Computers & Industrial Engineering*, Vol. 57, No. 3, 832–842.

[4] Hong, I-H.; Dang, J-F.; Tsai, Y-H.; Liu, C-S.; Lee, W-T.; Wang, M-L.; Chen, P-C. (2011). An RFID application in the food supply chain: A case study of convenience stores in Taiwan. *Journal of Food Engineering*, Vol. 106, No. 2, 119–126.

[5] Shin, T-H.; Chin, S.; Yoon, S-W.; Kwon, S-W. (2011). A service-oriented integrated information framework for RFID/WSN-based intelligent construction supply chain management. *Automation in Construction*, Vol. 20, No. 6, 706–715.

[6] Marucheck, A.; Greis, N.; Mena, C.; Cai, L. (2011). Product safety and security in the global supply chain: Issues, challenges and research opportunities. *Journal of Operations Management*, Vol. 29, No. 7, 707–720.

**Chapter 10** 

© 2012 Comings and Ting, licensee InTech. This is an open access chapter distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


**IA OM® as an Enterprise Risk Management Metric**

David R. Comings and Wendy W. Ting

Additional information is available at the end of the chapter

http://dx.doi.org/10.5772/50880

**1. Introduction**

Ting and Comings [1] described how to use the Information Assurance (IA) Object Measurement (OM®) metric as a tool to measure the monitoring step (Step 6) described in the United States (U.S.) National Institute of Standards and Technology's (NIST) Risk Management Framework (RMF)¹ [2]. This chapter expands the applicability of the IA OM® metric and shows how it may be used as an enterprise-wide information security risk management metric.

Risk management is concerned with the identification of risks, the avoidance, mitigation, transference, or sharing of unacceptable risks, and the acceptance of risks that are within an organization's risk tolerance. However, just as with information system controls within NIST's RMF, it is necessary to monitor the risk posture of systems, maintaining an ongoing assessment of the level of risk they represent within and to an organization. This risk posture changes with changes to the hardware and software employed by the organization, as well as when patches and updates are released that are intended to be applied to deployed software. Changes can also occur from vulnerabilities identified with no patch available, or when new types of information are allowed on a previously authorized or accredited information system. Different types of information are of varying interest to an organization or adversary. More valuable information generally has a higher impact on the organization when it is compromised², and can increase the threat level of an information system. From an information system perspective, many of the monitoring activities, conducted to ensure the systems remain operational and maintain an acceptable security posture, are also activities involved in the management of information system risks.

¹ The RMF is described in detail in NIST Special Publication (SP) 800-37, available from: http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

² Compromise is used in this chapter to indicate a loss of confidentiality, integrity, or availability of the information.
