• “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.

    The British Government’s Technology Strategy Board, 2008
    Read more...

  • “Systems built without requirements cannot fail; They merely offer surprises. Usually unpleasant!

    Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, 1995

    Read more...

  • "One often hears recommendations for key-sizes of public-key cryptosystems needed to obtain security for 30 years and even 50 years. Anyone wanting a real security of this magnitude should probably take the construction of the quantum computer into consideration."

    ECRYPT, “D.PROVI.3 – First Summary Report on Unconditionally Secure Protocols”, January 2005

    Read more...
Home Resources Expert Opinions Information assurance quote: Brian Snow, Assurance is best addressed early
quote: Brian Snow, Assurance is best addressed early

Assurance is best addressed during the initial design and engineering of security systems, NOT as an after market patch. The earlier you include a security architect in your design process, the greater the likely hood of a successful and robust design.

As the quip goes, he who gets to the (module) interface first wins.

Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008
 

Related Items