InfoSec Philippines

Information Security, Technology News and Opinions

InfoSec Quotes

“Quis custodiet ipsos custodes?”
– Juvenal (Roman poet), roughly translated to “Who watches the watchmen?” or “Who will guard the guards?” (- From Wikipedia)
– related to ISO 27k:2005 A.10.10.4 Administrator and operator logs

“Igitur qui desiderat pacem, praeparet bellum” or, “Si vis pacem, para bellum.”
“If you want peace prepare for war”
– From “Epitoma Rei Militaris,” by Vegetius (- From

“Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage — to move in the opposite direction.”
– Albert Einstein

The following comes from SecLists.Org Security Mailing List Archive

“There are those who have 20 years of experience, and those who have one year of experience twenty times”.
– Mark Williams (mdwilliams_44_at_YAHOO.COM)

“… divided betwen people that know what they do and other people that think they know cause they where tought [SIC] and are certified.

The following comes from

“The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it’s easy to remember, it’s something nonrandom like ‘Susan.’ And if it’s random, like ‘r7U2*Qnp,’ then it’s not easy to remember.”
– Bruce Schneier

“More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.”
– Bruce Schneier

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”
– Bruce Schneier

“The superior man, when resting in safety, does not forget that danger may come. When in state of security he does not forget the possibility of ruin. When all is orderly, he does not forget disorder may come. Thus his person is not endangered and his states and all their clans are preserved.”
– Confucius (551 BC – 479 BC)

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
– Gene Spafford

“Hoaxes use weaknesses in human behaviour to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System.”
– Stewart Kirkpatrick

The following comes from

“Let us not look back in anger or forward in fear, but around in awareness.”
– James Thurber

“The user’s going to pick dancing pigs over security every time.”
– Bruce Schneier

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”
– Kahlil Gibran

“There are no secrets better kept than the secrets that everybody guesses.”
– George Bernard Shaw

“Better be despised for too anxious apprehensions, than ruined by too confident security.”
– Edmund Burke

“The mantra of any good security engineer is: ‘Security is not a product, but a process.’ It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together.”
– Bruce Schneier

“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image.”
– Stephen Hawking

“It is much more secure to be feared than to be loved.”
– Niccolo Machiavelli

“In view of all the deadly computer viruses that have been spreading lately, Weekend Update would like to remind you: when you link up to another computer, you’re linking up to every computer that that computer has ever linked up to.”
– Dennis Miller

“We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.”
– “Rockhound” in the movie ‘Armageddon’

“Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful.”
– Niccolo Machiavelli

“Those who do not archive the past are condemned to retype it!”
– Garfinkel and Spafford, Practical UNIX Security (first edition) [Webmaster’s note: To paraphrase Santayana…]

“We only need to be lucky once. You need to be lucky every time.”
– The IRA to Margaret Thatcher, after a failed assassination attempt

“The anguish of low quality lingers long after the sweetness of low cost is forgotten.”
– Unknown, quote suggested by Peter Gregory, CISSP, CISA

“In God we trust. All others, we virus scan.”
– Unknown

“Those of us in security are very much like heart doctors — cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, and eat fried foods, and practice being couch potatoes until they have their infarction. Then they want a magic pill to make them better all at once, without the effort. And by the way, they claim loudly that their condition really isn’t their fault — it was genetics, or the tobacco companies, or McDonalds that was to blame. And they blame us for not taking better care of them. Does this sound familiar?

But it doesn’t have to be this way. We can do things better. We need to stop doing business as usual and start focusing on end-to-end quality. Security needs to be built in from the start — not slapped on after the fact.”
– Gene Spafford, at the 23rd National Information Systems Security Conference in October 2000

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”
– Richard Clarke (White House Cybersecurity Advisor)

“We have only two modes – complacency and panic.”
– James R. Schlesinger, the first U.S. Dept. of Energy secretary, in 1977, on the country’s approach to energy

“The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won’t suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.”
– Kevin Mitnick

“The man who trades freedom for security does not deserve nor will he ever receive either.”
– Benjamin Franklin

“We will bankrupt ourselves in the vain search for absolute security.”
– Dwight D. Eisenhower

“One person’s ‘paranoia’ is another person’s ‘engineering redundancy.’”
– Marcus J. Ranum

“Security must begin at the top of an organization. It is a leadership issue, and the chief executive must set the example.”
– Heard at a security conference

“There is no castle so strong that it cannot be overthrown by money.”
– Cicero

“Phishing is a major problem because there really is no patch for human stupidity”
– Mike Danseglio, program manager in the Security Solutions group at Microsoft, April 4, 2006

“Badges? We ain’t got no badges! We don’t need no badges. I don’t have to show you any stinkin’ badges!”
– from the film “Treasure of Sierra Madre”

“You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.”
– Daryl White, DOI CIO

“I do not fear computers. I fear the lack of them.”
– Isaac Asimov

“If computers get too powerful, we can organize them into a committee – that will do them in.”
– Bradley’s Bromide

“The best way to get management excited about a disaster plan is to burn down the building across the street.”
– Dan Erwin, Security Officer, Dow Chemical Co.

“A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect.”
– William Malik, Vice President and Research Area Director for Information Security at Gartner.

“Just as drivers who share the road must also share responsibility for safety, we all now share the same global network, and thus must regard computer security as a necessary social responsibility. To me, anyone unwilling to take simple security precautions is a major, active part of the problem.”
– Fred Langa

“Teaching should be such that what is offered is perceived as a valuable gift and not as a hard duty.”
– Albert Einstein

“If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, not only do you risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but you also risk being in non-compliance of a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, corporate reputation.”
– Rebecca Herold, “Managing an Information Security and Privacy Awareness and Training Program” 2005

“People don’t react to reality; they react to their perceptions of reality.”
– Human psychology truism

“Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron’s cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their consciences.”
– C. S. Lewis


3 Responses to “InfoSec Quotes”

  1. Albert Camus, The Rebel said

    I rebel therefore we exist.

  2. ocean said


  3. joan s carino said

    Hi Jim,

    Still remember me? Used to work together in sgv. May i know your office address and contact number please. Thanks

