PREPROCESAMIENTO DE LOS DATOS

The change in ordering pattern is conceptualised as the change in ordering frequency and effective daily average order quantity. The change brought about by information security breach on the effective average order quantity (EAOQ) is calculated by taking the difference between the EAOQ in the breach state and the corresponding non-breach state and this is expressed as a percentage of the non-breach state. Since the ordering rate is originally measured in percentage, the difference due to information security breach is computed as is and not expressed as a percentage of the non-breach state. The result of this computation for the parameter based ordering policy (option I), batch ordering policy (option II) and batch-and-parameter based policy (option III) is shown in Table 5.1, 5.2, 5.3 respectively. The original values for each supply agent in the non-breach state is included in the first row in each table. The changes to the original values brought about by each security breach (measured in percentage) is included in the subsequent rows and labelled accordingly.

137

OPTION I

Retailer Wholesaler Manufacturer

OR % EAOQ OR % EAOQ OR % EAOQ

NB 100 9.98 100 9.97 100 9.94 Breach Impact AOW 19.97 -25.01% 19.97 -25.14% 19.97 -25.02% IBMS 1.28 -1.30% 1.28 -1.31% 1.28 -1.32% PT 1.99 -2.04% 1.99 -2.06% 1.99 -2.07% SFDD 6.40 -6.89% 6.40 -7.00% 6.40 -7.05%

Table 5.1 Effect of security breach on the ordering pattern of the base stock policy (option I)

OPTION II

Retailer Wholesaler Manufacturer

OR % EAOQ OR % EAOQ OR % EAOQ

NB 89 11.28 62 16.00 49 20.36 Breach Impact AOW 0.03 0.02% 0.04 0.01% -0.04 0.14% IBMS 0.00 0.00% -0.01 0.00% -0.03 0.02% PT 0.00 -0.01% -0.01 0.00% -0.02 0.01% SFDD 0.29 -0.01% 0.08 0.21% 0.01 0.35%

Table 5.2 Effect of Security breach on Option II ordering pattern OPTION III

Retailer Wholesaler Manufacturer

OR % EAOQ OR % EAOQ OR % EAOQ

NB 98 10.18 89 11.16 67 14.81 Breach Impact AOW 19.24 -24.46% 15.98 -21.95 9.04% -15.66 IBMS 1.17 -1.21% 0.93 -1.07 0.61% -0.94 PT 1.86 -1.95% 1.50 -1.73 0.87% -1.35 SFDD 6.28 -6.89% 5.74 -7.01 4.33% -7.10

Table 5.3 Effect of security breach on Option III ordering pattern 5.2.1.1 Parameter based ordering policy (option I)

The dynamic nature of the parameter based policy such as the base stock policy (option I) where the order quantity can be large or small depending on the how far the inventory position is from the order-up-to level makes it a very flexible policy to uncertainties as suggested by the low bullwhip effect discussed in the previous

138

chapter. The ordering pattern is changed to cope with the effect of security breach whereby order quantity is increased to cope with the sudden demand increase that the breach creates (recall the assumption in section 5.1.2), which then results in lower ordering rate. From Table 5.1, one can see that there is a noticeable change in ordering pattern of all supply chain agents due to the influence of a security breach. An interesting observation here is that the increase in ordering rate and effective order quantity is similar for all members despite the fact that the breach occurred at the retailer. This shows that a breach regardless of its profile has a consistent reverberating effect on the ordering pattern for all associated supply chain agent using parameter based ordering (base stock policy). Examining the effect a breach with high RoC would have on the ordering pattern is done by comparing the effect of BP1 (low RoC) to BP2 (High RoC) and that of disruption duration is done by comparing the effect of BP1 (low disruption duration) to BP2 (high disruption duration). This examination shows that both disruption duration and RoC of a breach have the same effect on the ordering pattern of the parameter based ordering policy but the magnitude of effect of RoC is greater.

5.2.1.2 Batch ordering policy (option II)

In contrast to the effect of security breach under the base stock policy (option I), the ordering pattern of the supply chain using optimal EOQ model (option II) appear to be unperturbed to a large extent by the breaches as shown in Table 5.2. There seems to be negligible alteration in the pattern with which supply chain agents place their orders. In other words the reaction of batch ordering policy to security breach is minimal or non-existent and as such little or no flexibility is inherent in it. In addition there is no apparent breach reverberating effect on the ordering pattern of supply agents as one goes upstream the chain. It is also evident that higher RoC and disruption duration have no effect on ordering pattern.

5.2.1.3 Combined batch-and-parameter based policy (option III)

The effect of security breach on the ordering pattern of the retailer using option III is similar to that produced in option I. However the reverberating effect to the wholesaler and the manufacturer tells a different story and this is shown in Table 5.3. Common trends emerge for all security breach type. Like option I, the change in ordering pattern here shows the flexibility inherent in option III. Unlike option I where the same change occurred throughout the supply chain, the percentage change

139

in ordering pattern (i.e. the ordering rate and the effective order quantity) decreases as you go upstream. Higher RoC and higher disruption duration produces bigger changes in ordering pattern with RoC having the greater effect. This seems plausible as the order size in option III is determined by how far the inventory position is from the re-order point and a simple economic order quantity is included. Just like option I, option III ensures to bring the inventory position back to the desired position as quickly as possible but with an additional EOQ giving it a better capacity to respond to increased demand. It is to be reminded that the EOQ calculation here is simplistic (i.e. one batch) and not optimal like option II (2.236 batches). Therefore, option III combines the flexibility of option I and the advantage of bigger order quantity of option II. Judging from the level of change produced by option III in response to the security breaches, one could infer that the ordering policy has some resilience. However, since the change in ordering pattern is lesser in magnitude to that of option I, one would expect that the level of security breach resilience would be less than that of option I. An analysis of the cost impact would serve to confirm this supposition.