A Team Approach to Supply Chain Security Risk Management
Daniel Bowden, CISO of Sentara Healthcare, on Engaging the C-Suite
CISOs need to engage C-suite leaders in the effort to tackle supply chain security issues because they are so critical and complex, says Daniel Bowden, CISO at Sentara Healthcare.
"At Sentara … executive-level leaders are managing programs for enterprise vendor risk, enterprise contract life cycle risk … pushing these things together," he says.
When onboarding a new vendor, the organization involves a cross-section of players in vetting the vendor's trustworthiness, resilience and the ability to deliver, he adds. Then, the organization decides how often to review the ongoing vendor relationship, based on the security risks involved.
"It's a huge, tough journey because … we're talking about thousands of contracts to review and relationships to vet," says Bowden, a speaker at the Healthcare Information and Management Systems Society 2021 Conference in Las Vegas, taking place this week.
In this video interview with Information Security Media Group, Bowden also discusses:
- Top tips for CISOs on getting cybersecurity buy-in from the C-suite;
- Critical security lessons learned from the COVID-19 pandemic;
- Sentara Healthcare's security projects slated for the months ahead.
Bowden is vice president and CISO at Sentara Healthcare, a not-for-profit healthcare organization serving Virginia and northeastern North Carolina that operates 12 acute care hospitals, 10 nursing centers and three assisted living facilities. He has led cybersecurity and technology programs for healthcare, higher education, banking, retail and the military for the past 25 years.