Lachlan McGill heads up security at Melbourne-based Members Equity (ME) Bank. He recently spoke to Computerworld Australia’s Hamish Barwick about the bank’s IT projects and the specific challenges of security in the financial services industry.
What does your role at ME Bank involve?
I’m the information security manager and the role is primarily a governance one. We develop policy and standards bank wide covering how we want people to interact with systems and how we want systems to operate. We then go about ensuring compliance and mitigating risk to the bank’s information assets. Identity and access management makes up a large part of what my team does.
What are some of the challenges you face in the role of information security manager?
The biggest challenge, and most important aspect, is protecting customer information. You ask people what they spend most resources on and that’s preventing a data breach. The primary role for me is ensuring that customer information is protected within and outside of the organisation. We’re also investigating the implementation of a bring your own device [BYOD] policy so we’re looking at options to control those devices.
What projects are you working on at present?
One of the projects we’ve got underway is an infrastructure refresh. We’re replacing our entire network core infrastructure which includes servers, network switches/routers and security devices such as firewalls and email gateways as they’re at the end of lease.
We’re also about to start a desktop refresh project which involves workstation replacement and upgrading the operating system [OS] from XP to Windows 7. As part of that, we’ll be looking at how we can optimise our application distribution and locking down the workstation to prevent data leakage and unauthorised application execution.
What are the biggest issues facing the information security industry today?
The proliferation of mobile devices and people wanting access to information regardless of where they are.
Cloud services. We’re looking at pushing email and web filtering out to the Cloud but as we’re a bank, we’re highly regulated so there are certain things we need to enforce when using Cloud services such as location and security of data.
As a security professional, what keeps you awake at night?
What really keeps me awake at night are zero day vulnerabilities. I often think, ‘What’s on my network that I don’t know about?’ The key is to ensure you have the right technologies in place to detect anomalous behaviour on the network to ensure that exploits don’t go unnoticed.
What do you like about working in the financial services industry?
There is a focus and heavy reliance on information security and protecting customers’ assets in financial services. I enjoy the challenges that brings.