KPMG on Current Security Landscape
"Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information, such as intellectual property and investment plans... Information security attacks are a very real threat – they happen daily and just because a business or a business leader was not on a hacker's radar yesterday does not ensure safety today." -- Paul Hanley, information security director at KPMG
On Security Today
"You could stop the rest of your IT, and put all of your resources into security for a year and still not be 100pc secure." -- Owen O’Connor, president of the Irish chapter of the Information Systems Security Association (ISSA)
Dave Aitel's Simple AppSec Metric
"If you spent more on your GUI than on your security, you don't have a secure application. Start preparing for the PR fallout of your website getting hacked now." -- Dave Aitel, CTO Immunity, Inc.
On Prudent Security
"The best question a managing director can ask is ‘tell me we’re not being complacent.’ You do have to reassess (security measures) from time to time because the risks are changing and your data is changing. Without being paranoid, you just have to be prudent." -- Dermot Williams, managing director at Threatscape
USDoD on CyberWarfare
"First, cyberwarfare is asymmetric. The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target. Knowing this, many militaries are developing offensive capabilities in cyberspace, and more than 100 foreign intelligence organizations are trying to break into U.S. networks. Some governments already have the capacity to disrupt elements of the U.S. information infrastructure." -- William J. Lynn III, US Deputy Secretary of Defense
Chess as Warfare
"In essence, chess is warfare, as much psychology as strategy. To win, one must understand the mentality of the opponent, hinted at in each new move. One must so thoroughly master the adversary’s weaknesses—an overzealous offence? guarding rather than attacking? a passion for sweeping one end?—that one can anticipate them and use them. Chess is a game of information, false and true, derived from what the opponent “should” do, based on his own past play or that of others, and on what the opponent actually does. Chess has no bloodshed, but the exhilaration of psychological warfare—taking no prisoners in a complete victory—is its attraction." -- Stewart Gordon
End Users & Security
"In the modern organization, end-users are dictating IT priorities by bringing technology to the enterprise rather than the other way around. Pressure to secure too much and the resulting skills gap are creating risk for organizations worldwide." -- Robert Ayoub, global program director - network security for Frost & Sullivan
Cross-posted from Dr. Infosec




