3rd Party Risk Management , Governance & Risk Management

A Team Approach to Supply Chain Security Risk Management

Daniel Bowden, CISO of Sentara Healthcare, on Engaging the C-Suite
Daniel Bowden, CISO, Sentara Healthcare

CISOs need to engage C-suite leaders in the effort to tackle supply chain security issues because they are so critical and complex, says Daniel Bowden, CISO at Sentara Healthcare.

See Also: Managed File Transfer: Move Files Efficiently and Securely

"At Sentara … executive-level leaders are managing programs for enterprise vendor risk, enterprise contract life cycle risk … pushing these things together," he says.

When onboarding a new vendor, the organization involves a cross-section of players in vetting the vendor's trustworthiness, resilience and the ability to deliver, he adds. Then, the organization decides how often to review the ongoing vendor relationship, based on the security risks involved.

"It's a huge, tough journey because … we're talking about thousands of contracts to review and relationships to vet," says Bowden, a speaker at the Healthcare Information and Management Systems Society 2021 Conference in Las Vegas, taking place this week.

In this video interview with Information Security Media Group, Bowden also discusses:

  • Top tips for CISOs on getting cybersecurity buy-in from the C-suite;
  • Critical security lessons learned from the COVID-19 pandemic;
  • Sentara Healthcare's security projects slated for the months ahead.

Bowden is vice president and CISO at Sentara Healthcare, a not-for-profit healthcare organization serving Virginia and northeastern North Carolina that operates 12 acute care hospitals, 10 nursing centers and three assisted living facilities. He has led cybersecurity and technology programs for healthcare, higher education, banking, retail and the military for the past 25 years.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.