Information Security Awareness, Training and Motivation — Native Intelligence, Inc.

IT Security Quotes and Quips

Like the death of a celebrity from a drug overdose, publicized data loss incidents remind us that we should probably do something about taking better care of our data. But we usually don't, because we quickly remind ourselves that backups are boring as h***, and that it's shark week on Discovery.
— Nik Cubrilovic (TechCrunch.com, October 10, 2008)

It's not good enough to have a system where everyone (using the system) must be trusted, it must also be made robust against insiders! — Robert Morris, former Chief Scientist of the US National Security Agency (NSA) National Computer Security Center, 1995

In 2011 RSA, a major technology company, was hacked all when an employee responded to a phishing attempt. This is a company whose whole business was security, and fell victim to what hackers know: no matter how secure a target, the user is always the weakest link. — Jim Guckin

If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, not only do you risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but you also risk being in non-compliance of a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, corporate reputation.  — Rebecca Herold, "Managing an Information Security and Privacy Awareness and Training Program" 2005

One of the tests of leadership is the ability to recognize a problem before it becomes an emergency. — Arnold Glasow

The software industry is really one of the only organizations where you can knowingly build a defective product and push it out to a potential buyer and the buyer assumes all the risk. — Jerry Davis, CISO

Never say anything on the phone that you wouldn't want your mother to hear at your trial.  — Sydney Biddle Barrows

People don't react to reality; they react to their perceptions of reality.  — human psychology truism

As any farmer will tell you, only a fool lets a fox guard the henhouse door.  — proverb

Be careful and you will save many men from the sin of robbing you. — Ed Howe

Ways may someday be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.  — Justice Louis D. Brandeis

Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their consciences.  — C. S. Lewis

Men are only as good as their technical development allows them to be. — George Orwell

No one realized that the pumps that delivered fuel to the emergency generators were electric. — Angel Feliciano, representative of Verizon explaining why Verizon's backup power failed during the August 13, 2003 blackout causing disruption to the 911 service

When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.  — David Brin

Security in IT is like locking your house or car – it doesn't stop the bad guys,  but if it's good enough they may move on to an easier target. — Paul Herbka

Cyberwarfare specialists cautioned this week that the Internet was effectively a “wilderness of mirrors,” and that attributing the source of cyberattacks and other kinds of exploitation is difficult at best and sometimes impossible. Despite the initial assertions and rumors that North Korea was behind the attacks and slight evidence that the programmer had some familiarity with South Korean software, the consensus of most computer security specialists is that the attackers could be located anywhere in the world. — John Markoff (NY Times writer)

There's a growing sense that the online ad industry is out of control from a privacy perspective and that some rules need to be put in place. — Marc Rotenberg, Executive Director for the Electronic Privacy Information Center

The trouble with quotes on the Internet is that you never know if they are genuine. — Benjamin Franklin

Solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress. — Samuel D. Warren and Louis D. Brandeis, Harvard Law Review, 1890

We cannot simply suspend or restrict civil liberties until the War on Terror is over, because the War on Terror is unlikely ever to be truly over. — Judge Gerald Tjoflat of the 11th U.S. Circuit Court of Appeals, October 15, 2004

We have never had vulnerabilities exploited before the patch was known. — David Aucsmith, head of technology at Microsoft's security business and technology unit, February 2004

An unconditional right to say what one pleases about public affairs is what I consider to be the minimum guarantee of the First Amendment.  — Justice Hugo Black

You can only protect your liberties in this world by protecting the other man's freedom. You can only be free if I am free.  — Clarence S. Darrow

No government can be long secure without a formidable opposition. — Benjamin Disraeli

Today's systems must anticipate future attacks. Any comprehensive system – whether for authenticated communications, secure data storage, or electronic commerce – is likely to remain in use for five years or more. It must be able to withstand the future: smarter attackers, more computational power, and greater incentives to subvert a widespread system. There won't be time to upgrade it in the field.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did. — Bruce Schneier, "Why Cryptography Is Harder Than It Looks" 1997

Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice. … The major shortfall is absence of assurance or safety mechanisms in software. If my car crashed as often as my computer does, I'd be dead by now. — Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance" AusCERT 2008

Even a paranoid can have enemies. — Henry Kissinger

The smartphone is the most lethal weapon you can get inside a prison. The smartphone is the equivalent of the old Swiss Army knife. You can do a lot of other things with it. — Terry L. Bittner, Director of Security Products, ITT Corporation

Although prison officials have long battled illegal cellphones, smartphones have changed the game. With Internet access, a prisoner can call up phone directories, maps and photographs for criminal purposes, corrections officials and prison security experts say. Gang violence and drug trafficking, they say, are increasingly being orchestrated online, allowing inmates to keep up criminal behavior even as they serve time. — Kim Severson and Robbie Brown, NY Times, "Outlawed, Cellphones Are Thriving in Prisons," published January 2, 2011

The Internet is the crime scene of the 21st Century. — Manhattan District Attorney Cyrus Vance Jr., October 2010.

Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. — Carmen M. Ortiz, United States attorney for Massachusetts

A secure system is one that does what it is supposed to. — Eugene Spafford (Breaux, Antón, & Spafford, 2009)

A secure system is one that does what it is supposed to do, and nothing more. — John B. Ippolito, CISSP

Asking the Government to protect your Privacy is like asking a Peeping Tom to install your window blinds. — Founder of the EFF

In some ways, cryptography is like pharmaceuticals. Its integrity may be absolutely crucial. Bad penicillin looks the same as good penicillin. You can tell if your spreadsheet is wrong, but how do you tell if your cryptography package is weak? The ciphertext produced by a weak encryption algorithm looks as good as ciphertext produced by a strong encryption algorithm. There's a lot of snake oil out there. A lot of quack cures. Unlike the patent medicine hucksters of old, these software implementors usually don't even know their stuff is snake oil. They may be good software engineers, but they usually haven't even read any of the academic literature in cryptography. But they think they can write good cryptographic software. And why not? After all, it seems intuitively easy to do so. And their software seems to work ok. — Philip Zimmermann

Gentlemen do not read each other's mail. — Henry Lewis Stimson

Strengthening U.S. cyber security is common sense, like locking your door at night. But it's one thing to turn the lock -- and another to spend the night hunched in your living room with a shotgun. — Douglas Birch

These quotations relate to computers, information technology, and security.

This material is largely based on e-mail, newsgroup, or Web postings of presumably public domain material. If you're aware of a correction or if you have a quote that you'd like to see added to this page, please let us know.