Information Security Awareness, Training and Motivation — Native Intelligence, Inc.

IT Security Quotes and Quips

People in general are not interested in paying extra for increased safety. At the beginning seat belts cost $200 and nobody bought them. — Gene Spafford

Schrodinger’s Backup: "The condition of any backup is unknown until a restore is attempted."

Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. — Gene Spafford (in e-mail to organizers of a workshop on insider misuse)

Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench. — Gene Spafford

Most people spend more time and energy going around problems than trying to solve them. — Henry Ford

If privacy is outlawed, only outlaws will have privacy. — Philip Zimmermann

Interest is a terrible thing to waste. — Roger Schank

Men do not like to admit to even momentary imperfection. My husband forgot the code to turn off the alarm. When the police came, he wouldn't admit he'd forgotten the code... he turned himself in. — Rita Rudner

We're sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder. — "Rockhound" in the movie 'Armageddon'

Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful. — Niccolo Machiavelli, The Prince

Those who do not archive the past are condemned to retype it! — Garfinkel and Spafford, Practical UNIX Security (first edition)

Security is always excessive until it's not enough. — Robbie Sinclair, Head of Security, Country Energy, NSW Australia

We only need to be lucky once. You need to be lucky every time. — The IRA to Margaret Thatcher, after a failed assassination attempt.

The anguish of low quality lingers long after the sweetness of low cost is forgotten. — unknown, quote suggested by Peter Gregory, CISSP, CISA (Thank you!)

The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember. — Bruce Schneier

In God we trust. All others, we virus scan.

Those of us in security are very much like heart doctors -- cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they want a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn't their fault -- it was genetics, or the tobacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?

But it doesn't have to be this way. We can do things better. We need to stop doing business as usual and start focusing on end-to-end quality. Security needs to be built in from the start -- not slapped on after the fact. — Gene Spafford, at the 23rd National Information Systems Security Conference in October 2000

Quips and Quotes [1]  [2]  [3]  [4]  [5]  

These quotations relate to computers, information technology, and security.

This material is largely based on e-mail, newsgroup, or Web postings of presumably public domain material. If you're aware of a correction or if you have a quote that you'd like to see added to this page, please let us know.