13 - 14 August, 2019 | Mercure Resort, Hunter Valley Gardens, NSW, Pokolbin, Hunter Valley, NSW
Steven York, Chief Information Security Officer at Bank of Queensland

Steven York


Chief Information Security Officer
Bank of Queensland

Check out the incredible speaker line-up to see who will be joining Steven.

Download The Latest Agenda

Exchange Day 2: Wednesday 14th August 2019


8:40 AM CHIEF PANEL: Third Party Risk Management: Getting An Accurate Understanding of Suppliers, Clients and Partners True Risk Mitigation Capability

With cyber breaches rapidly increasing in both number and complexity, organisations are re-assessing the security strength of existing and potential suppliers, clients and partners. In such a fast-paced environment, getting a clear understanding of your partner’s capability, and in a timely manner, is vital to the security of the organization. In this panel, hear three industry experts discuss:
• How to minimize steps in the vetting process and move partnerships from A to Z quickly
• How to maintain ownership of sensitive data and increasing visibility of third party systems
• The risk and mitigation of risk when dealing with suppliers, clients and partners
• Related parties and third-parties – the new high risk attack vector
• The importance of remembering the ‘people’ side of cyber security - strengthening the human relationship between partnerships

1:30 PM How Bank of Queensland are BOQ-ifying the NIST Framework To Accurately Measure Cyber Capabilities

The NIST framework is generally accepted as the leading best-practice framework across the Cyber Security landscape. Although designed with the purpose of arranging resources to be easily digestible by both the board and IT department, it is not a one-size-fits-all fix. Intricate details of an organisation may be missed if the NIST framework is followed too closely. In this session, hear how BOQ have:
  • Personalized the NIST framework to accurately measure the success of their cyber security capabilities
  • Improved discussion with the board as a result of improved metrics and reporting
  • Gained a deeper understanding of where their cyber gaps and strongest coverage lie