James Ng, GM Cyber Security (CISO) at Insignia Financial, shares how the company tackles emerging threats, open-source risks, and strengthens governance and identity management in this Security Edge interview.

He explains that company boards and CEOs are more aware of cyber security risks, with Insignia taking a top-down approach to cyber security.

James’ mandate was to build a cyber security operating model by aligning Insignia’s corporate and security strategies and applying the NIST framework to assess gaps in talent and maturity levels.

This approach creates a business case that secures executive and board approval.

James highlights specific areas where Insignia focuses on improving security, particularly third-party security governance and identity and access management.

These gaps stem from Insignia’s amalgamation of several different businesses, which led to inconsistencies in security processes. Additionally, he points out the importance of educating staff on emerging threats like phishing and QR code-based scams.

Social engineering tactics have advanced, making it essential to tailor training with real-life examples from within the organisation, making it more relatable and effective for employees.

Board-level engagement is essential with cyber security.

Insignia briefs its boards quarterly and provides out-of-cycle updates on legal and regulatory changes.

James emphasises the challenges in managing open-source software, particularly the risk of hidden backdoors or vulnerabilities that may not surface until later.

Insignia has implemented controls to detect vulnerabilities in open-source libraries, though he acknowledges that mitigating these risks is an ongoing process.

 

Key takeaways:

  • Top-down cyber security approach: Insignia Financial built its cyber security model by aligning corporate and security strategies while leveraging the NIST framework to identify skill gaps and maturity levels.
  • Focus on emerging threats and education: The organisation prioritised strengthening its third-party security governance and identity access management, while also educating employees on evolving phishing and social engineering threats using real-world examples from within the company.
  • Open-source software vigilance: Insignia faces challenges with open-source libraries, especially with the risk of backdoors or vulnerabilities emerging over time. This requires continuous monitoring and detection processes to manage these risks.
Contributors
James Ng GM Cyber Security (CISO) at Insignia Financial
A leader with a range of experience across various cyber security, technology risk and audit domains. Motivated to create and maintain high... More

A leader with a range of experience across various cyber security, technology risk and audit domains. Motivated to create and maintain high performing cultures in order to drive business focused outcomes collaboratively with stakeholders.

Worked internationally across Australia, USA, Hong Kong, Thailand, Philippines, Singapore, India, Papua New Guinea and the UK (IOM).

Currently a:
– Graduate of the Australian Institute of Company Directors (GAICD),
– GIAC Security Operations Manager (GSOM – SANS),
– Certified Information Systems Security Professional (CISSP – ISC2),
– Certified Information Systems Auditor (CISA – ISACA),
– Certified Associate in Project Management, now lapsed (CAPM – PMBOK/PMI), and
– Certified Professional in Cloud Security (CCSK – Cloud Security Alliance)

Less
Byron Connolly Head of Programs & Value Engagement at ADAPT
Byron Connolly is a highly experienced technology and business journalist, editor, corporate writer, and event producer, and ADAPT’s Head of Programs and... More

Byron Connolly is a highly experienced technology and business journalist, editor, corporate writer, and event producer, and ADAPT’s Head of Programs and Value Engagement.

Prior to joining Adapt, he was the editor-in-chief at CIO Australia and associate editor at CSO Australia. He also created and led the well-known CIO50 awards program in Australia and The CIO Show podcast.

As the Head of Programs, Byron creates valuable insights for ADAPT’s community of senior technology and business professionals, helping them reach their organisational and professional goals. With over 25 years of experience, he has a passion for uncovering stories about the careers and personal philosophies of Australia’s top technology and digital executives.

When he is not working, Byron enjoys hot yoga, swimming, running, and spending time with his family.

Less
security modernisation compliance