Kayne McGladrey headshot
Top 10 Thought Leader on Cybersecurity Award from Thinkers360
Top 10 Thought Leader on Risk Management Award from Thinkers360

Kayne McGladrey, CISSP
360-648-7995
speaking@kaynemcgladrey.com

522 W Riverside Ave, #8558
Spokane, WA, 99201
United States

How can we effectively collaborate with vendors to ensure that their cybersecurity practices align with our standards and mitigate supply chain risks?

  • Establish clear cybersecurity requirements and expectations in vendor contracts, ensuring they align with your company’s standards and include regular audits and assessments to verify compliance.
  • Develop a collaborative framework for ongoing communication and information sharing with vendors, focusing on threat intelligence and incident response strategies to enhance supply chain security.
  • Implement a robust vendor risk management program that includes evaluating vendors’ cybersecurity practices, conducting regular risk assessments, and requiring vendors to participate in cybersecurity training and awareness programs.

What are the best practices for developing a comprehensive communication plan with vendors and stakeholders to handle sensitive cybersecurity information?

  • Define clear communication protocols and channels for sharing sensitive cybersecurity information with vendors and stakeholders, ensuring that all parties understand their roles and responsibilities in maintaining confidentiality and security.
  • Regularly update and test the communication plan through simulations and tabletop exercises to ensure its effectiveness and to build trust and preparedness among vendors and stakeholders.
  • Incorporate feedback mechanisms to continuously improve the communication plan, allowing vendors and stakeholders to provide input on the clarity, timeliness, and relevance of the information shared.

How can we measure the effectiveness of our cybersecurity strategy and ensure continuous improvement in our management of risks to critical infrastructure?

  • Implement key performance indicators (KPIs) and metrics to regularly assess the effectiveness of your cybersecurity strategy, focusing on incident response times, threat detection rates, and compliance with security protocols.
  • Conduct regular cybersecurity audits and risk assessments to identify vulnerabilities and areas for improvement, ensuring that findings are used to update and enhance the cybersecurity strategy.
  • Foster a culture of continuous learning and adaptation by encouraging ongoing training and development for staff, and staying informed about emerging threats and best practices in cybersecurity.

What steps should we take to prioritize and implement security standards across our critical business processes and cyber assets?

  • Conduct a comprehensive risk assessment to identify and prioritize critical business processes and cyber assets, focusing on those with the highest potential impact on operations and security.
  • Develop and implement a standardized security framework, such as the NIST Cybersecurity Framework, to ensure consistent application of security measures across all critical processes and assets.
  • Establish a cross-functional team to oversee the implementation of security standards, ensuring alignment with business objectives and facilitating communication and collaboration across departments.

How can we leverage industry market clout to influence vendors to adopt robust security practices for critical infrastructures?

  • Engage in industry-wide initiatives to develop and promote standardized cybersecurity requirements for vendors, ensuring that these standards are widely adopted and enforced across the sector.
  • Establish a preferred vendor program that prioritizes partnerships with suppliers who demonstrate strong cybersecurity practices, thereby incentivizing other vendors to enhance their security measures to remain competitive.
  • Collaborate with other utilities to conduct joint security audits and assessments of vendors, sharing findings and best practices to collectively raise the security baseline across the industry.