PDCA – Plan ⇒ Delay ⇒ Cancel ⇒ Apologize, then repeat. A random Facebook post
Risks vs Resources
You need to evaluate the short-term, medium-term, and long-term risk, and ask, how willing are you to tolerate that risk? Then invest limited security resources to deal with risks you are least likely to tolerate. Betsy Cooper, executive director of the Center for Long-Term Cybersecurity at UC Berkeley (via CSO Online)
Always Write Dumb Code
Always code as if the guy who ends up maintaining, or testing your code will be a violent psychopath who knows where you live. Dave Carhart
Insider Threat
The biggest threat to corporate security is corporate employees – whether malicious or not. Jason Hill, Director of Strategic Services, Cybriant
The Essence of Strategy
The essence of strategy is choosing what not to do. Michael Porter, “What is strategy?”, Harvard Business Review, November 1996
JavaScript is Pretty Good…
JavaScript is pretty good at letting you code poorly if you don’t bother to learn it properly. Eric Elliott, from The Two Pillars of JavaScript
Secure
Everyone using “secure” as an adjective, as in “secure remote access,” is either selling something, or has just bought something. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It
Prevention Comes First
In SCADA systems, preventing intrusion must always be the first priority. We cannot, after all, restore human lives or damaged equipment “from backups” the way we can with IT systems. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It
Compliance
Compliance with standards means doing what someone else has told us to do, whether it is useful or not. Paul Feldman, from SCADA Security: What’s Broken and How to Fix It
CIA is Nonsense
At almost all industrial sites, the first priority is not availability, integrity or confidentiality, but safety. The second priority is always reliability, not of the control system, but of the physical process. Andrew Ginter, from SCADA Security: What’s Broken and How to Fix It