Information security is an economics problem.

Secure is an adjective, so it’s subjective to owner’s risk acceptance.

Many recommendations across the Net sound like this: ‘Don’t keep your information on the cloud.’ Fair enough, but it’s the same as if you asked, ‘How not to get my house burned down?’ and the answer would be, ‘Do not have a house.’ The logic is solid, but a better way to translate such advice is, ‘avoid storing sensitive information on the cloud.’ So if you have a choice you should opt for keeping your crucial information away from virtual world or use appropriate solutions.

Technology is like fish. The longer it stays on the shelf, the less desirable it becomes.

If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.

Whether you’re traveling with a laptop, netbook, smartphone, iPad, or all of the above, the risks and defenses against them are basically the same.

A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect.

I think the insistence on credentials at companies is such a huge mistake. I believe you should hire people based on who they are and what they’ve done, not because of something like what college they went to–or even whether they went to college. It turns out, the rigor that college requires often screens out the most creative people anyway.