QOTD on PSN Breach

Adding a CISO after the fact is like hiring a bodyguard after you've been fatally wounded. It creates an impression that there's a lack of accountability.
-- Kevin Kosh, partner at Chen PR

Src: Sony Chief Stringer Blindsided by Hackers Seeking Revenge | Page 2 of 2

QOTD for IT Departments

When deny-by-default is the policy, the response to any request that leads to someone outside of IT using technology to innovate is, "Here's why you can't." In the new IT, the response has to be, "Here's how you can."
-- Bob Lewis, writing for Infoworld

QOTD on Stop, Think, Connect

People online need to check their brains at the keyboard. They use their heads when they drive so they drive safely. So they need to think when they're online. They need to stop before they're about to do something online, think about what it is they're about to do, and then connect, and do so in a safe way. It's sad for those of us in the information technology industry and people who have been cybersecurity geeks for 15 years, but nobody actually buys a computer to have computer security. They buy a computer to do things. That's the whole purpose of having a computer. That's why they're going to connect. They just need to do so in the right way.
-- Philip Reitinger, Deputy Undersecretary, US Department of Homeland Security

Src: DHS Hears Government Infosec Pros Concerns

QOTD on Security in Business

The most basic fact of business is that there are only three bottom-line priorities: revenue, cost, and risk. No matter what anyone at your company does, in the end it must tie back to making revenue grow, keeping costs under control, or managing risks more effectively.
-- Bob Lewis, writing for Infoworld

Src: How the App Store Reshapes IT's Priorities | PCWorld Business Center

QOTD on the Trusted Insider

You have a lot of folks that…pretty much have the keys to the castle... The enterprise admins have the ability to scour the entire network. That’s a hurdle that everyone has, especially with the move to managed services. You don’t know who the people who are managing your systems are anymore.
-- anonymous security expert at the US Homeland Security Department

Src: Wikileaks insider threat: A lesson for government cybersecurity managers | TechTarget.com

QOTD - Pescatore on Backward Thinking

Security strategies that are based on hoping the mainframe will come back will be bypassed like those little towns that were built 20 miles apart (because that is how far a horse could go in a day) got bypassed when the Interstates were built.
-- John Pescatore, vice president and research fellow at Gartner, Inc.

QOTD - Google on Privacy

You should be able to delete information about you that we can control. You should own your data and we should be transparent.
-- Eric Schmidt, Executive Chairman of Google, Inc.

Src: Google Pledges Europe Privacy Controls to Fight ‘Elephant’ Image - Businessweek

QOTD - Obama on Cyberspace & Cybersecurity

Today, as nations and peoples harness the networks that are all around us, we have a choice. We can either work together to realize their potential for greater prosperity and security, or we can succumb to narrow interests and undue fears that limit progress. Cybersecurity is not an end unto itself; it is instead an obligation that our governments and societies must take on willingly, to ensure that innovation continues to flourish, drive markets, and improve lives. While offline challenges of crime and aggression have made their way to the digital world, we will confront them consistent with the principles we hold dear: free speech and association, privacy, and the free flow of information.

The digital world is no longer a lawless frontier, nor the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold. It is one of the finest examples of a community self-organizing, as civil society, academia, the private sector, and governments work together democratically to ensure its effective management. Most important of all, this space continues to grow, develop, and promote prosperity, security, and openness as it has since its invention. This is what sets the Internet apart in the international environment, and why it is so important to protect.
-- US President Barack Obama, The White House
[as quoted in the ZDNet article by David Gewirtz]

QOTD on US Int'l Strategy For Cyberspace

Assuring the free flow of information, the security and privacy of data, and the integrity of the interconnected networks themselves are all essential to American and global economic prosperity, security, and the promotion of universal rights.
-- US International Strategy for Cyberspace, White House (US)

Src: International_strategy_for_cyberspace.pdf (in Google Docs viewer)

QOTD on Security Myths

Sandboxing provides a malware free device, mobile apps are controlled, and there’s no money to steal in mobile apps are all myths that will be proven wrong.
-- Amit Klein, CTO of Trusteer

Note: emphasis is mine.

Src: AusCERT 2011: Mobile banking malware on the rise - CIO

QOTD on Technology & Security

We don’t have a road network to eliminate accidents; we have it to enable fast travel. Once you want fast travel then you know some accidents are inevitable … Technology goes so fast that we’re using it faster than we can think of the consequences.
-- Professor Fred Piper, Royal Holloway University of London’s Information Security Group.