Information Security

  • 1.  CISO Forum with key vendors?

    Posted 04-09-2024 12:30 PM

    I'm looking for opinions and experience if anyone has held (or contemplated) information security focused forums with their key vendors? Essentially, it would be a sort of CISO roundtable with our key vendors to discuss emerging topics and information security roadmaps to ensure alignment and help foster an open dialog over any challenges or opportunities.

    I have some reservations (would key vendors commit to sending a CISO or would it be watered down through delegation; would an open discussion take place among potentially competing organizations), but hoping someone has real-world experience and not just theories.

    Thank you in advance



  • 2.  RE: CISO Forum with key vendors?

    Posted 04-09-2024 03:38 PM

    Kevin -

    I would not want to invite multiple vendors to the same meeting. I would think there may be confidentiality issues (particularly if they are competitors).  I believe the business owner (relationship owner) should hold quarterly meetings with their vendors, and review SLAs and roadmap.

    I also don't think you can expect all your vendors to do this. I think only vendors with whom you have a certain threshold of dollar business would want to engage with you this way.  Speaking as a vendor, they are likely not staffed to meet quarterly with each of their customers. 



    ------------------------------
    Kate Wakefield, CISSP / CIPT / CRISC
    Infoblox Director of GRC
    ------------------------------