Tuesday, April 24, 2012

ISACA-WNY: Control and Compliance 2012 - 4/3 - Ira Winkler Key Note Presentation Notes

Repeatable processes are science not art
Knowledge is learned, skills are practiced
Repeatable processes can lead to reasonable information security
Impersonation via phone is fraudulent identity (felony) in California and some other states
100s of hacks occur per day but Anonymous is newsworthy
1988 Morris worm shut down 1/3 of the Internet. Imagine that occurring today...
1997 Worcester Airport - wardialer use analogous to WarGames (1982)
Multiple historical cybersecurity events have been accomplished as a result of commonly known vulnerabilities that were preventable
2 ways to hack - take advantage of config problems or software vulnerabilities
Security should be common sense
Computers are more like cars than toasters, maintenance required
Risk = (Threat * Vulnerability) / Countermeasures * Value
A dedicated information security/risk management budget is better than one set as a percentage of the IT budget, which may itself be dwarfed in relation to total revenues
Multi-factor authentication will cost $2mil while saving $10mil in losses <-cost justification gets budget, ROI
2 teenagers in Cloverdale, California in ~2001 resulted in DoD Secretary announcing that it was experiencing significant, coordinated attack
Anonymous is akin to rodents poking heads in little holes as opposed to a great dragon. HBGary was social engineering of a password as opposed to a high-tech hack. Persistence, but not complexity.
FUD is ok to get budget that will optimize risk levels
Cloud providers should adhere to client organizational policies, not clients to theirs.  Security is not server specific.
More people die weekly from heart attacks than did from Anthrax, but Anthrax changed behavior, creating terror
Terrorism is about terror, not damages
Little things cost billions, e.g., virus attacks result in millions but are downplayed
Security is a management problem, must vs. should; CEO and CIO must be in sync (preferably on must)
Real moral of Wizard of Oz - you always had what you were looking for but didn't know how to use it <-security
Train workers to use common sense