Dr. InfoSec's Quotes of the Week (015)

Sunday, March 06, 2011

Christophe Veltsos


KPMG on Current Security Landscape

"Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information, such as intellectual property and investment plans... Information security attacks are a very real threat – they happen daily and just because a business or a business leader was not on a hacker's radar yesterday does not ensure safety today." -- Paul Hanley, information security director at KPMG

On Security Today

"You could stop the rest of your IT, and put all of your resources into security for a year and still not be 100pc secure."
-- Owen O’Connor, president of the Irish chapter of the Information Systems Security Association (ISSA)

Dave Aitel's Simple AppSec Metric

"If you spent more on your GUI than on your security, you don't have a secure application. Start preparing for the PR fallout of your website getting hacked now."
-- Dave Aitel, CTO Immunity, Inc.

On Prudent Security

"The best question a managing director can ask is ‘tell me we’re not being complacent.’ You do have to reassess (security measures) from time to time because the risks are changing and your data is changing. Without being paranoid, you just have to be prudent." -- Dermot Williams, managing director at Threatscape

USDoD on CyberWarfare

"First, cyberwarfare is asymmetric. The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target. Knowing this, many militaries are developing offensive capabilities in cyberspace, and more than 100 foreign intelligence organizations are trying to break into U.S. networks. Some governments already have the capacity to disrupt elements of the U.S. information infrastructure."
-- William J. Lynn III, US Deputy Secretary of Defense

Chess as Warfare

"In essence, chess is warfare, as much psychology as strategy. To win, one must understand the mentality of the opponent, hinted at in each new move. One must so thoroughly master the adversary’s weaknesses—an overzealous offence? guarding rather than attacking? a passion for sweeping one end?—that one can anticipate them and use them. Chess is a game of information, false and true, derived from what the opponent “should” do, based on his own past play or that of others, and on what the opponent actually does. Chess has no bloodshed, but the exhilaration of psychological warfare—taking no prisoners in a complete victory—is its attraction." -- Stewart Gordon

End Users & Security

"In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide." -- Robert Ayoub, global program director - network security for Frost & Sullivan

Cross-posted from Dr. Infosec
