"Security is not a product, but a process."
Dorothy Denning's quote emphasizes that security is not something you can simply buy or acquire, but rather it is an ongoing process. It suggests that achieving and maintaining security requires consistent effort and actions, not just the implementation of hardware or software solutions. This process may include regular updates, training employees, establishing policies, and monitoring systems for potential threats. In other words, true security demands a proactive approach that focuses on addressing risks over time, rather than relying solely on specific tools or technologies.
"Information assurance is the preservation of confidentiality, integrity, and availability of information systems."
Dorothy Denning's quote emphasizes the importance of maintaining the fundamental security principles in any information system - Confidentiality (ensuring sensitive data is accessible only to authorized individuals), Integrity (ensuring the data is accurate, complete, and trustworthy over its lifecycle), and Availability (making sure the data and systems are accessible when needed). Information Assurance encompasses the practices, policies, and technologies designed to defend against unauthorized access, modification, or disruption.
"In order to design secure systems, we must understand their threats, vulnerabilities, and risk."
This quote emphasizes that creating secure systems is not just about understanding the functionality and features, but also about recognizing the potential dangers (threats), identifying areas of weakness (vulnerabilities), and assessing the level of harm they can cause (risk). In other words, to build a secure system, one must have a thorough understanding of both the positive aspects (the system's design and capabilities) and the negative aspects (possible attacks and breaches).
"Trust is good, control is better, and both are needed for security."
Dorothy Denning's quote emphasizes that a balanced approach to ensuring security involves both trust and control. Trust, in this context, represents the reliance on others (e.g., colleagues, allies) to act with integrity and follow established norms or rules. Control, on the other hand, refers to the mechanisms put in place to verify compliance and mitigate risks, ensuring that actions align with established security policies and protocols. In essence, Denning suggests that an effective security strategy combines trust in others with rigorous controls to maintain a secure environment.
"Security is not an add-on; it must be designed in from the start."
This quote by Dorothy Denning emphasizes that security should not be considered as an afterthought or additional feature, but rather a fundamental part of the design process from the very beginning. In other words, security is integral to the foundation of any system or product, not something to be tacked on later. This perspective helps ensure robust and resilient systems that can withstand potential threats and protect data effectively.
If you're searching for quotes on a different topic, feel free to browse our Topics page or explore a diverse collection of quotes from various Authors to find inspiration.