Steven York, Chief Security Officer, Bank of Queensland, spoke on the topic "The human element in a strong cyber risk framework".
Cyber incidents have been increasing around the world, and more focus is being placed on data security in particular. In Australia, the Office of the Australian Information Commissioner (OAIC) has new powers in respect of this risk. The NIST framework gives some guidance on how to organise cyber risk management for an organisation; however, organisations often overlook the human element in the framework elements (Prepare, Prevention, Detect, Respond and Recover). This session covered the human element in a strong cyber risk framework.
ABOUT STEVEN YORK
Steven York has had a unique career, commencing as a clerk at AMP, then joining the NSW Police Force, where he worked for 20 years, leaving in 1996 as the Commander of the Hostage Negotiation Team. Since 1996 he has been involved in risk management, and he contributed to the first risk management standard, AS/NZ 4360. He built up his own risk consulting company with many high-profile clients. In 2000 he sold his share and commenced work as an Executive Manager, Operational Risk at the CBA. At that time he was involved in the introduction of Basel I across the CBA Group. Since then he has worked as a senior consultant (Partner, Deloitte Central Europe, Enterprise Risk, and Marsh McLennan, General Manager, Risk Consulting) and in senior internal corporate roles (CBA, General Manager, Security and Financial Crime). He is currently the General Manager Group Compliance and Chief Security Officer (CSO) at the Bank of Queensland. Steve has been awarded the National Medal and received several commendations for bravery and police work up to counter terrorism level. In addition, he is a sought-after speaker in risk, security and negotiation. He has co-authored a book, ‘Negotiation Evolved’, and is currently completing his second, in the area of high risk negotiation, tentatively titled ‘Crisis Negotiation Evolved’. He was a member of the Education Committee, Operational Risk Management for the Governance Institute of Australia from 2014 to 2017. He was a member of the Information Technology Security Techniques at Standards Australia between 2013 and 2016 and is currently a mentor for the students at QUT in the Masters of Business Administration degree. He has a Master of Science (Risk) and a Master of Dispute Resolution and lectured in that area at UTS for 16 years, particularly in the area of negotiation and crisis negotiation.