SlideShare a Scribd company logo

Ensuring Full Proof Security At Xero

Download as PPT, PDF
Craig Walker
Craig Walker

The document summarizes a presentation given by Craig Walker, CTO of Xero Ltd, about ensuring full-proof security at Xero. It discusses how Xero engaged Aura Software Security as virtual security officers to help deliver secure software as a service (SaaS) over the long term. Aura took an integrated approach to security including threat modelling, attack trees, penetration testing, and ongoing monitoring to identify security risks and weaknesses in Xero's software and hosting environment. The presentation emphasizes that security is an ongoing process requiring a holistic approach and continuous improvement.

BusinessTechnology
1 of 20
Title of the presentation Craig Walker, Chief Technology Officer, Xero Ltd Case Study: Ensuring Full-Proof Security At Xero 22 July 2008
Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object]
Who is Xero? ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is Xero? ,[object Object],[object Object],[object Object],[object Object],[object Object]
How does SaaS change security? ,[object Object],[object Object],[object Object]
We can’t just say we’re “secure as a bank”. We must actually BE secure as a bank.
Why is security important to Xero? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Virtual Security Officers ,[object Object],[object Object],[object Object]
Aura Software Security ,[object Object],[object Object],[object Object],[object Object],[object Object]
The Aura Experience
What are your top 5 security risks? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Integrated approach to security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security policies ,[object Object],[object Object],[object Object],[object Object],[object Object]
Threat Modelling ,[object Object],[object Object],[object Object]
Attack trees ,[object Object],[object Object],[object Object],[object Object],[object Object]
Imagine you had a castle … Kidnap the Princess 10 Gold Coins Bribe guard Sneak through sewer Launch full military strike 1,000,000 Gold Coins Walk in the main gate Forge letter of introduction Discover/steal King’s Seal Discover sewer location Break any protection 5 Gold Coins
Test it! ,[object Object],[object Object],[object Object]
Monitor it! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Things to think about … ,[object Object],[object Object],[object Object],[object Object],[object Object]
www.xero.com www.AuraSoftwareSecurity.co.nz Questions?

Recommended

Petya Ransomware
Petya RansomwarePetya Ransomware
Petya RansomwareSiemplify
 
Nexagate corporate profile 2021
Nexagate corporate profile 2021Nexagate corporate profile 2021
Nexagate corporate profile 2021Khairil Effendy
 
Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides SlideTeam
 
Adapted from an ESG report - Outnumbered, Outgunned.
Adapted from an ESG report - Outnumbered, Outgunned. Adapted from an ESG report - Outnumbered, Outgunned.
Adapted from an ESG report - Outnumbered, Outgunned. Proofpoint
 
Aurora - Lessons Learned
Aurora - Lessons LearnedAurora - Lessons Learned
Aurora - Lessons Learnedpchronis
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEMSiemplify
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...NetworkCollaborators
 

Recommended

Petya Ransomware
Petya RansomwarePetya Ransomware
Petya RansomwareSiemplify
 
Nexagate corporate profile 2021
Nexagate corporate profile 2021Nexagate corporate profile 2021
Nexagate corporate profile 2021Khairil Effendy
 
Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides Cybersecurity PowerPoint Presentation Slides
Cybersecurity PowerPoint Presentation Slides SlideTeam
 
Adapted from an ESG report - Outnumbered, Outgunned.
Adapted from an ESG report - Outnumbered, Outgunned. Adapted from an ESG report - Outnumbered, Outgunned.
Adapted from an ESG report - Outnumbered, Outgunned. Proofpoint
 
Aurora - Lessons Learned
Aurora - Lessons LearnedAurora - Lessons Learned
Aurora - Lessons Learnedpchronis
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEMSiemplify
 
Tech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of RansomwareTech Demo: Take the Ransom Out of Ransomware
Tech Demo: Take the Ransom Out of Ransomwaremarketingunitrends
 
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...
Cisco Connect 2018 Malaysia - Cisco incident response services-strengthen you...NetworkCollaborators
 
High Performance Security Report - High Technology
High Performance Security Report - High TechnologyHigh Performance Security Report - High Technology
High Performance Security Report - High TechnologyAccenture Security
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
Reinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital TransformationReinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital TransformationProofpoint
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Tripwire
 
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based AttacksESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based AttacksProofpoint
 
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Berezha Security Group
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rsRichard Smiraldi
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ... Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...Skybox Security
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Berezha Security Group
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers GuideExclusive Networks ME
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesLiberteks
 
Managed Security Solutions
Managed Security SolutionsManaged Security Solutions
Managed Security SolutionsThe TNS Group
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tipsUnited Technology Group (UTG)
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)DNIF
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatKatherine Johnston, CFE
 
Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecuritySecuraa
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 

More Related Content

What's hot

High Performance Security Report - High Technology
High Performance Security Report - High TechnologyHigh Performance Security Report - High Technology
High Performance Security Report - High TechnologyAccenture Security
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasTripwire
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis
 
Reinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital TransformationReinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital TransformationProofpoint
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Tripwire
 
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based AttacksESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based AttacksProofpoint
 
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Berezha Security Group
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rsRichard Smiraldi
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ... Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...Skybox Security
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Berezha Security Group
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesLiberteks
 
Managed Security Solutions
Managed Security SolutionsManaged Security Solutions
Managed Security SolutionsThe TNS Group
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsFireEye, Inc.
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Armor
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)DNIF
 

What's hot (20)

High Performance Security Report - High Technology
High Performance Security Report - High TechnologyHigh Performance Security Report - High Technology
High Performance Security Report - High Technology
 
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and IdeasBlack Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
Black Hat USA 2015: A Visual Snapshot of Security Threats, Trends and Ideas
 
Acronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware AttackAcronis Active Protection: A Way To Combat Ransomware Attack
Acronis Active Protection: A Way To Combat Ransomware Attack
 
Reinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital TransformationReinforcing the Revolution: The Promise and Perils of Digital Transformation
Reinforcing the Revolution: The Promise and Perils of Digital Transformation
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
 
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based AttacksESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks
 
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
Webinar: "How to invest efficiently in cybersecurity (Return on Security Inv...
 
011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs011918 executive breach_simulation_customer_fac_rs
011918 executive breach_simulation_customer_fac_rs
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ... Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
 
Managed Security Solutions
Managed Security SolutionsManaged Security Solutions
Managed Security Solutions
 
Outpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teamingOutpost24 webinar - Improve your organizations security with red teaming
Outpost24 webinar - Improve your organizations security with red teaming
 
Proatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security TeamsProatively Engaged: Questions Executives Should Ask Their Security Teams
Proatively Engaged: Questions Executives Should Ask Their Security Teams
 
Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?Cybersecurity - Whose responsibility is it?
Cybersecurity - Whose responsibility is it?
 
7 cloud security tips
7 cloud security tips7 cloud security tips
7 cloud security tips
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)
 
MP_OneSheet_VulnThreat
MP_OneSheet_VulnThreatMP_OneSheet_VulnThreat
MP_OneSheet_VulnThreat
 

Similar to Ensuring Full Proof Security At Xero

Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecuritySecuraa
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
IBM Immune System
IBM Immune SystemIBM Immune System
IBM Immune SystemLuke Kenny
 
Zero Trust vs Defense in Depth
Zero Trust vs Defense in DepthZero Trust vs Defense in Depth
Zero Trust vs Defense in DepthCIO Talk Network
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSAmazon Web Services
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesMighty Guides, Inc.
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprisessuserd58af7
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperMohd Anwar Jamal Faiz
 
Running head hardware and software security14 hardware an
Running head hardware and software security14 hardware anRunning head hardware and software security14 hardware an
Running head hardware and software security14 hardware anAKHIL969626
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies Siemplify
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Amazon Web Services
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESIJNSA Journal
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptxlochanrajdahal
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecuritysecuraa
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Capability presentation app security Entersoft
Capability presentation app security EntersoftCapability presentation app security Entersoft
Capability presentation app security Entersoftmohangandhi_entersoft
 

Similar to Ensuring Full Proof Security At Xero (20)

Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecurity
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
IBM Security Immune System
IBM Security Immune SystemIBM Security Immune System
IBM Security Immune System
 
IBM Immune System
IBM Immune SystemIBM Immune System
IBM Immune System
 
Zero Trust vs Defense in Depth
Zero Trust vs Defense in DepthZero Trust vs Defense in Depth
Zero Trust vs Defense in Depth
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
 
Security is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White PaperSecurity is our duty and we shall deliver it - White Paper
Security is our duty and we shall deliver it - White Paper
 
Running head hardware and software security14 hardware an
Running head hardware and software security14 hardware anRunning head hardware and software security14 hardware an
Running head hardware and software security14 hardware an
 
Security Operations Strategies
Security Operations Strategies Security Operations Strategies
Security Operations Strategies
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test Professionals
 
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
 
Assess risks to IT security.pptx
Assess risks to IT security.pptxAssess risks to IT security.pptx
Assess risks to IT security.pptx
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
Soar cybersecurity
Soar cybersecuritySoar cybersecurity
Soar cybersecurity
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
 
Capability presentation app security Entersoft
Capability presentation app security EntersoftCapability presentation app security Entersoft
Capability presentation app security Entersoft
 

More from Craig Walker

Cloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud ComputingCloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud ComputingCraig Walker
 
Wellington to the World 2010 Keynote
Wellington to the World 2010 KeynoteWellington to the World 2010 Keynote
Wellington to the World 2010 KeynoteCraig Walker
 
Building Faster Websites
Building Faster WebsitesBuilding Faster Websites
Building Faster WebsitesCraig Walker
 
Client Side Performance @ Xero
Client Side Performance @ XeroClient Side Performance @ Xero
Client Side Performance @ XeroCraig Walker
 

More from Craig Walker (6)

Cloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud ComputingCloud Xero #1 - Intro to Cloud Computing
Cloud Xero #1 - Intro to Cloud Computing
 
Sencha Touch
Sencha TouchSencha Touch
Sencha Touch
 
Sencha At Xero
Sencha At XeroSencha At Xero
Sencha At Xero
 
Wellington to the World 2010 Keynote
Wellington to the World 2010 KeynoteWellington to the World 2010 Keynote
Wellington to the World 2010 Keynote
 
Building Faster Websites
Building Faster WebsitesBuilding Faster Websites
Building Faster Websites
 
Client Side Performance @ Xero
Client Side Performance @ XeroClient Side Performance @ Xero
Client Side Performance @ Xero
 

Recently uploaded

Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCRashishs7044
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...Operational Excellence Consulting
 

Recently uploaded (20)

Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
The McKinsey 7S Framework: A Holistic Approach to Harmonizing All Parts of th...
 

Ensuring Full Proof Security At Xero

  • 1. Title of the presentation Craig Walker, Chief Technology Officer, Xero Ltd Case Study: Ensuring Full-Proof Security At Xero 22 July 2008
  • 2.
  • 3.
  • 4.
  • 5.
  • 6. We can’t just say we’re “secure as a bank”. We must actually BE secure as a bank.
  • 7.
  • 8.
  • 9.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. Imagine you had a castle … Kidnap the Princess 10 Gold Coins Bribe guard Sneak through sewer Launch full military strike 1,000,000 Gold Coins Walk in the main gate Forge letter of introduction Discover/steal King’s Seal Discover sewer location Break any protection 5 Gold Coins
  • 17.
  • 18.
  • 19.