Quotes

PDCA – Plan ⇒ Delay ⇒ Cancel ⇒ Apologize, then repeat. A random Facebook post

You need to evaluate the short-term, medium-term, and long-term risk, and ask, how willing are you to tolerate that risk? Then invest limited security resources to deal with risks you are least likely to tolerate. Betsy Cooper, executive director of the Center for Long-Term Cybersecurity at UC Berkeley (via CSO Online)

Always code as if the guy who ends up maintaining, or testing your code will be a violent psychopath who knows where you live. Dave Carhart

The biggest threat to corporate security is corporate employees – whether malicious or not. Jason Hill, Director of Strategic Services, Cybriant

The essence of strategy is choosing what not to do. Michael Porter, “What is strategy?” In: Harvard Business Review, November (1996)

JavaScript is pretty good at letting you code poorly if you don’t bother to learn it properly. Eric Elliott, from The Two Pillars of JavaScript

Everyone using “secure” as an adjective, as in “secure remote access,” is either selling something, or has just bought something. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It

In SCADA systems, preventing intrusion must always be the first priority. We cannot after all, restore human lives or damaged equipments “from backups” the way we can with IT systems. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It

Compliance with standards means doing what someone else has told us to do, whether it is useful or not. Paul Feldman, from SCADA Security: What’s Broken and How to Fix It

At almost all industrial sites, the first priority is not availability, integrity or confidentiality, but safety. The second priority is always reliability, not of the control system, but of the physical process. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It