ABSTRACT

This introduction presents an overview of the key concepts discussed in the subsequent chapters of this book. The book introduces the concepts and principles of formal trusted product acquisition governance as well as the standard principles and underlying activities that define best practice in the performance of secure product sourcing. It aims to define a complete and correct collection of highly related processes, activities, and tasks as well as the attendant monitoring and reporting systems to ensure a trustworthy product. The book demonstrates how a formal approach to acquisition and supply chain security can be used to assure the integrity of the technology base of any organization. It explains the role and importance of a formal sourcing process in ensuring organizational security. The book presents the concepts of information and communication technology supply chain risk management (SCRM) from the perspective of National Institute of Standards and Technology IR 800-161, the first standard body of knowledge for secure SCRM.