QOTD - DHS on CyberSecurity & Risk

Cybersecurity is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cybersecurity risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cybersecurity risk throughout the enterprise.
Src: https://www.us-cert.gov/sites/default/files/publications/DHS-Cybersecurity-Questions-for-CEOs.pdf

QOTD on InfoSec as a Top Concern for Management

... cyber-security can no longer be an isolated function but requires a focused effort and collaborative conversations among the various functions in an organisation.
-- Tal Mozes, leader of Hacktics Advanced Security Centre

Src: Information security finally a top concern for management | Latest News & Updates at Daily News & Analysis

QOTD - Ex-NSA Deputy Director on Managing Privileged Users

Snowden was a system administrator, so by design he had more privileges. Does that expose a weakness in the system? In hindsight, Snowden went far beyond where we would have expected him to go. The challenge is how do you extend trust to individuals that you’ve gone to great time and trouble to find, vet, and develop confidence in, and allow them to exercise ingenuity, innovation, and creativity? We need to up our game without crushing the 99.9 percent of people who have operated faithfully. We need to focus on behaviors—on the access to data in real time, instead of on defending perimeters, operating systems, or artifacts. You’re looking for a change in behavior that is an anomaly and warrants close examination. 
-- John C. Inglis, former NSA Deputy Director

Src: Ex-NSA Deputy Director Says the Agency Must Be “Biased” Towards Defense, Not Attack | MIT Technology Review

QOTD - Mikko on Government Malware

We had the nuclear arms race for decades, but now we seem to be in a cyber arms race.
The idea of democratic western governments backdooring technology or using malware and trojans against other democratic governments would've sounded like science-fiction, but that is exactly where we are today.
-- Mikko Hypponen, Chief Research Officer for F-Secure

Src: Black Hat: Expert sheds light on government sponsored malware creation - SC Magazine