Information Security

  • 1.  CISO Forum with key vendors?

    Posted 24 days ago

    I'm looking for opinions and experience if anyone has held (or contemplated) information security focused forums with their key vendors? Essentially, it would be a sort of CISO roundtable with our key vendors to discuss emerging topics and information security roadmaps to ensure alignment and help foster an open dialog over any challenges or opportunities.

    I have some reservations (would key vendors commit to sending a CISO or would it be watered down through delegation; would an open discussion take place among potentially competing organizations), but hoping someone has real-world experience and not just theories.

    Thank you in advance



  • 2.  RE: CISO Forum with key vendors?

    Posted 24 days ago

    Kevin -

    I would not want to invite multiple vendors to the same meeting. I would think there may be confidentiality issues (particularly if they are competitors). I believe the business owner (relationship owner) should hold quarterly meetings with their vendors, and review SLAs and roadmap.

    I also don't think you can expect all your vendors to do this. I think only vendors with whom you have a certain threshold of dollar business would want to engage with you this way. Speaking as a vendor, they are likely not staffed to meet quarterly with each of their customers.



    ------------------------------
    Kate Wakefield, CISSP / CIPT / CRISC
    Infoblox Director of GRC
    ------------------------------