IT Security Quotes and Quips


Phishing is a major problem because there really is no patch for human stupidity — Mike Danseglio, program manager in the Security Solutions group at Microsoft, April 4, 2006

In 2006, the attackers want to pay the rent. They don't want to write a worm that destroys your hardware. They want to assimilate your computers and use them to make money. — Mike Danseglio, program manager in the Security Solutions group at Microsoft, April 4, 2006

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did. — Bruce Schneier

Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders. — Ronald Reagan

I walked into this classroom full of law enforcement officers and said, "Do you guys recognize any of these names?" I read off a list of the names. One federal officer explained, "Those are the names of judges in the US District Court in Seattle." And I said, "Well, I have a password file here with 26 passwords cracked." Those federal officers about turned green. — Don Belling, Boeing, quoted in The Art of Intrusion by Kevin Mitnick

Sed quis custodiet ipsos custodes? [Who watches the watchers?] — quote contributed by Joy Walker - Thank you!

Badges? We ain't got no badges! We don't need no badges. I don't have to show you any stinkin' badges! — from the film "Treasure of Sierra Madre"

You can't hold firewalls and intrusion detection systems accountable. You can only hold people accountable. — Daryl White, DOI CIO

In theory, one can build provably secure systems. In theory, theory can be applied to practice but in practice, it can't. — M. Dacier, Eurecom Institute

I personally like to think of the Internet as a parallel universe, a cyber-world as opposed to the real-world. In cyber-world people do much the same thing as in the real-world, such as chat, work, or go shopping. And, as in the real-world, there are dangers. In the real-world, we spend years as children learning about the world and all its dangers before we can safely go out on our own. This is not the case in cyber-world. People wander into cyber-world as cyber-toddlers or even cyber-infants. How can these people be expected to look after themselves in this strange new world? ... I believe that education must be the first step to computer security. Cyber-world is too complex and dangerous to jump into without understanding the dangers. — Jimi Loo, in Comments & Feedback to Noam Eppel's Article, "Security Absurdity: The Complete, Unquestionable, and Total Failure of Information Security. A long-overdue wake up call for the security community."

America believes in education: the average professor earns more money in a year than a professional athlete earns in a whole week. — Evan Esar

If computers get too powerful, we can organize them into a committee - that will do them in. — Bradley's Bromide

I do not fear computers. I fear the lack of them. — Isaac Asimov

The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. — Nathaniel Borenstein

Fear not those who argue, but those who dodge. — Marie Ebner von Eschenbach

The Internet is like alcohol in some sense. It accentuates what you would do anyway. If you want to be a loner, you can be more alone. If you want to connect, it makes it easier to connect. — Esther Dyson

The best way to get management excited about a disaster plan is to burn down the building across the street. — Dan Erwin, Security Officer, Dow Chemical Co.

A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect. — William Malik, Vice President and Research Area Director for Information Security at Gartner.


A good programmer is someone who always looks both ways before crossing a one-way street. — Doug Linder

Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active part of the problem. — Fred Langa

