QOTD on the State of Security

We've approached security layer by layer. I have one tool for Web access, another tool for network access, another tool for e-mail. And yet I can't answer the basic question: Am I secure?
-- Bill Veghte, EVP of HP's software division

Src: RSA: HP Proposes Holistic Security -- InformationWeek

QOTD on End Users & Security

In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide.
-- Robert Ayoub, global program director - network security for Frost & Sullivan

Src: Latest Technologies Straining Cyber Security Staffs, Study Warns | EON: Enhanced Online News

QOTD - Chess as Warfare

In essence, chess is warfare, as much psychology as strategy. To win, one must understand the mentality of the opponent, hinted at in each new move. One must so thoroughly master the adversary’s weaknesses—an overzealous offence? guarding rather than attacking? a passion for sweeping one end?—that one can anticipate them and use them. Chess is a game of information, false and true, derived from what the opponent “should” do, based on his own past play or that of others, and on what the opponent actually does. Chess has no bloodshed, but the exhilaration of psychological warfare—taking no prisoners in a complete victory—is its attraction.
-- Stewart Gordon

Src: Saudi Aramco World : The Game of Kings
Note: emphasis is mine

QOTD - USDoD on CyberWarfare

First, cyberwarfare is asymmetric. The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target. Knowing this, many militaries are developing offensive capabilities in cyberspace, and more than 100 foreign intelligence organizations are trying to break into U.S. networks. Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.
-- William J. Lynn III, US Deputy Secretary of Defense

Src: Cybersecurity - Defending a New Domain

QOTD on Prudent Security

The best question a managing director can ask is ‘tell me we’re not being complacent.’ You do have to reassess (security measures) from time to time because the risks are changing and your data is changing. Without being paranoid, you just have to be prudent.
-- Dermot Williams, managing director at Threatscape

Src: ANALYSIS: Taking the right response to data breach risk - Ireland’s CIO and strategy news and reports service – Siliconrepublic.com

QOTD - Dave Aitel's Simple AppSec Metric

If you spent more on your GUI than on your security, you don't have a secure application. Start preparing for the PR fallout of your website getting hacked now.
-- Dave Aitel, CTO Immunity, Inc.

Src: [Dailydave] A simple 100% failproof security metric

QOTD on Security Today

You could stop the rest of your IT, and put all of your resources into security for a year and still not be 100pc secure.
-- Owen O’Connor, president of the Irish chapter of the Information Systems Security Association (ISSA)

Src: ANALYSIS: Taking the right response to data breach risk - Ireland’s CIO and strategy news and reports service – Siliconrepublic.com

QOTD - KPMG on Current Security Landscape

Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information, such as intellectual property and investment plans.
[...]
Information security attacks are a very real threat – they happen daily and just because a business or a business leader was not on a hacker's radar yesterday does not ensure safety today.
-- Paul Hanley, information security director at KPMG

Src: Nasdaq confirms its network was hacked - 07 Feb 2011 - Computing News

QOTD on Facebook & Privacy

The computer -- especially with sites like Facebook -- is now a virtual front door to your house allowing people access to your personal information. You deserve to look through the peep hole and decide who you are letting in.
-- US House Representative Joe Barton (Texas)

Src: Key lawmakers press Facebook on privacy concerns about user phone numbers and addresses [Updated] | Technology | Los Angeles Times