Security is a chain; the weakest link breaks it.— Bruce Schneier
— David Balaban, Privacy PC
An IT security specialist should, first and foremost, be a business analyst. He should have a complete understanding of the business processes in the company and all the automated control systems being utilized. This will allow him to clearly break down the company infrastructure into subsystems according to their security levels, focusing on the entities that are critical for the business workflow.
Security is a process, not a product.Bruce Schneier
USBs are the devil. They just are.— overheard at SecureWorld Atlanta
We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.— Dr. Larry Ponemon, Chairman, Ponemon Institute, at SecureWorld Boston
…the market doesn’t reward good security, so we get lousy security. And the government doesn’t regulate good security. So there’s absolutely no incentives anywhere to have good security. So we don’t.— Bruce Schneier, at SecureWorld Boston
The internet is about to start killing people, and government regulates things that kill people,”— Bruce Schneier, at SecureWorld Boston