QotD – Security

  • About InfoSec: “All you guys ever say is NO, why don’t you ever give alternatives?”
  • “Security is not the absence of danger”
  • “The opposite of security is insecurity, and the only way to overcome insecurity is to take risks.”
  • “You have to decide who you trust before you decide what to believe”.
  • If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke
  • “Security is like brakes on a car. Because we have brakes we can drive faster”. – Robert Garigue
  • “If you have responsibility for security but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong”. – Gene Spafford
  • “Security is a process, not a product”. – Bruce Schneier
  • “My problem with SLAs is too much Level not enough Service and never any Agreement”.
  • “The only person you can rely on is yourself”
  • Malo Periculosam Libertatem Quam Quietum Servitium. (“I prefer liberty with danger to peace with slavery”)
  • You cannot be stupid and be secure. You can be stupid and lucky, but not secure.
  • The more you know, the less you trust.
  • If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees. — Kahlil Gibran.
  • Better be despised for too anxious apprehensions, than ruined by too confident security. — Edmund Burke
  • It is much more secure to be feared than to be loved. — Niccolo Machiavelli.
  • People in general are not interested in paying extra for increased safety. At the beginning seat belts cost $200 and nobody bought them. — Gene Spafford.
  • Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful. — Niccolo Machiavelli, The Prince.
  • “We have only two modes – complacency and panic.” — James R. Schlesinger.
  • Amateurs hack systems, professionals hack people. — Bruce Schneier
  • People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems. — Bruce Schneier, Secrets and Lies
  • If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. — Bruce Schneier.
  • One person’s “paranoia” is another person’s “engineering redundancy.” — Marcus J. Ranum
  • Security must begin at the top of an organization. It is a leadership issue, and the chief executive must set the example. — heard at a security conference.
  • Phishing is a major problem because there really is no patch for human stupidity — Mike Danseglio, program manager in the Security Solutions group at Microsoft, April 4, 2006.
  • Sed quis custodiet ipsos custodes? [Who watches the watchers?]
  • In theory, one can build provably secure systems. In theory, theory can be applied to practice but in practice, it can’t. — M. Dacier
  • The best way to get management excited about a disaster plan is to burn down the building across the street. — Dan Erwin, Security Officer, Dow Chemical Co.
  • It’s not good enough to have a system where everyone (using the system) must be trusted, it must also be made robust against insiders! — Robert Morris.
  • If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, not only do you risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but you also risk being in non-compliance of a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, corporate reputation. — Rebecca Herold, “Managing an Information Security and Privacy Awareness and Training Program” 2005.
  • One of the tests of leadership is the ability to recognize a problem before it becomes an emergency. — Arnold Glascow.
  • People don’t react to reality; they react to their perceptions of reality.
  • When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else. — David Brin
  • Security in IT is like locking your house or car – it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target. — Paul Herbka.
  • We have never had vulnerabilities exploited before the patch was known. — David Aucsmith.
  • Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice. … The major shortfall is absence of assurance or safety mechanisms in software. If my car crashed as often as my computer does, I’d be dead by now. — Brian Snow
  • “Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security.”
  • InfoSec is a profession that requires the adoption of continuous, life-long learning. Keep learning or get left behind.
  • Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing. – Helen Keller.