­
(Key Learning) "Best Practices In Security Procurement" @CISO Platform Annual Summit 2017 - All Articles - CISO Platform

8669819889?profile=original

At CISO Platform Annual Summit 2017, we had a panel discussion on the topic of Best Practices In Security Procurement, including industry stalwart like K S Narayan (CISO, PWC), Gaurav Batra (Information Security Officer, Mondelez International), Ganesh Viswanathan (SVP-Quality & Compliance; CISO & CPO, Quatrro), Sanil Anand Nadkarni (AVP & Head Information Security, SLK Global Solutions), Dilip Panjwani (Director-Information Security, FIS Global), and Subramanya Gupta Boda

Key Learning - Learning from Recent Global Security Breaches

1- One of the critical vectors for the cyber-attack is through the supply chain.


2- Breaches are increasing in terms of complexity, volatility, ambiguity and severity.


3- Through backdoors built into hardware or rogue codes inserted in to software or through compromised sub components or components that get surreptitiously into supply chain from lower tiers (mostly 3rd tier or 2nd tier suppliers) the integrity of critical elements get compromised.


4- The recent “A Monitor Darkly” attack involving Dell monitors where the display controllers are exploited to manipulate and snoop on the screen content is a manifestation of a compromised supply chain.


5- Risk management should become an integral part of Supply Chain governance. We need to institutionalise a multi stake holder Risk Assessment process of the end to end Supply Chain. The cyber risk has to be evaluated from the start.


6- Due diligence of new suppliers should be done and regular audits to be conducted as part of supplier quality assurance.


7- Cyber procurement should be linked to the organisational priorities and align with the purpose. The investment should be scalable & integration should be feasible.


8- We should obtain user reviews through peers or through crowd sourcing market intelligence to evaluate the pros and cons of the investment

(Use FireCompass discovery and comparison tool to shorten your vendor assessment cycle by months. Sign Up for FREE) 

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events