If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.
“Do I want to know why you’re so informed about spyware?” she asked. Nikolaos gave her a charming, dazzling smile. “No, my dear. You do not.”
We didn’t install the [Code Red] patch on those DMZ systems because they were only used for development and testing [Shortly after spending 48 hours straight removing Code Red worm from internal corporate servers in 2001].
The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won’t suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.
To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.
If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.
Doveryai, no proveryai (Trust, but verify).
When entrusted to process, you are obligated to safeguard.
Give a man an audit and he will be secure for a day. Teach a man to audit and he will be secure for the rest of his life.