Information Security Awareness, Training and Motivation — Native Intelligence, Inc.

IT Security Quotes and Quips

Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds. — John Perry Barlow

I don't know about technology and I don't know about finance and accounting. — Bernard J. Ebbers, former chief executive of WorldCom, at his trial.

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke

"We have only two modes - complacency and panic." — James R. Schlesinger, the first U.S. Dept. of Energy secretary, in 1977, on the country's approach to energy.

The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully. — Kevin Mitnick

Amateurs hack systems, professionals hack people. — Bruce Schneier

If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders. — Dan Farmer, System Administrators Guide to Cracking

There are risks and costs to a program of action--but they are far less than the long range cost of comfortable inaction. — John F. Kennedy

Security used to be an inconvenience sometimes, but now it's a necessity all the time. — Martina Navratilova after the stabbing of Monica Seles by a fan of Steffi Graf, 1993

We didn't install the [Code Red] patch on those DMZ systems because they were only used for development and testing. — Anonymous client, shortly after spending 48 continuous hours removing 2001's Code Red worm from internal corporate servers ("Secure Coding Principles and Practices" by Mark G. Graff & Kenneth R. van Wyk)

Security breaches usually entail more recovery efforts than acts of God. Unlike proverbial lightning, breaches of security can be counted on to strike twice unless the route of compromise has been shut off. — FedCIRC

Computer security can simply be protecting your equipment and files from disgruntled employees, spies, and anything that goes bump in the night, but there is much more. Computer security helps ensure that your computers, networks, and peripherals work as expected all the time, and that your data is safe in the event of hard disk crash or a power failure resulting from an electrical storm. Computer security also makes sure no damage is done to your data and that no one is able to read it unless you want them to. — Bruce Schneier (Protect Your Macintosh, 1994)

Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge. — Bruce Schneier (Protect Your Macintosh, 1994)

People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems. — Bruce Schneier, Secrets and Lies

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. — Bruce Schneier

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. — Gene Spafford

Microsoft made a big deal about Windows NT getting a C2 security rating. They were much less forthcoming with the fact that this rating only applied if the computer was not attached to a network and had no network card, and had its floppy drive epoxied shut, and was running on a Compaq 386. Solaris's C2 rating was just as silly. — Bruce Schneier

The man who trades freedom for security does not deserve nor will he ever receive either. — Benjamin Franklin

We will bankrupt ourselves in the vain search for absolute security. — Dwight D. Eisenhower

"No serious commentary will say that the user has no responsibility. We all have responsibilities to lock our doors in our homes and to buckle up when we get in cars." — spokesman, Information Technology Association of America, Business Roundtable, AP, May 19, 2004

As security or firewall administrators, we've got basically the same concerns [as plumbers]: the size of the pipe, the contents of the pipe, making sure the correct traffic is in the correct pipes, and keeping the pipes from splitting and leaking all over the place. Of course, like plumbers, when the pipes do leak, we're the ones responsible for cleaning up the mess, and we're the ones who come up smelling awful... — Marcus J. Ranum

When you know that you're capable of dealing with whatever comes, you have the only security the world has to offer. — Harry Browne

One person's "paranoia" is another person's "engineering redundancy." — Marcus J. Ranum

Security must begin at the top of an organization. It is a leadership issue, and the chief executive must set the example. — heard at a security conference

There is no castle so strong that it cannot be overthrown by money. — Cicero

As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don't know
We don't know.

 — Donald Rumsfeld, February 12, 2002, Department of Defense news briefing (quote contributed by Bernarr B. Coletta, CISSP - Thank You!)

These quotations relate to computers, information technology, and security.

This material is largely based on e-mail, newsgroup, or Web postings of presumably public domain material. If you're aware of a correction or if you have a quote that you'd like to see added to this page, please let us know.