A collection of pithy quotes about security and resilience

If you know of any good quotes, please send them to us at [email protected] and we’ll add them.


Resilience: The positive ability of a system or company to adapt itself to the consequences of a catastrophic failure …

Resilience is the capacity for complex systems to survive, adapt, evolve and grow in the face of turbulent change. The resilience enterprise is risk intelligent, flexible and agile.
From The Resilient Economy: Integrating Competitiveness and Security, http://www.compete.org/ ISBN 1-889866-33-4:2007

A well managed crisis can actually leave your organisation stronger, more resilient and better tuned to the world than it was before
Luke Corbett, Chairman and CEO, Kerr-McGee Corporation Blythe - 2007

Resilience: the ability of a system to withstand stresses of ‘environmental loading’…a fundamental quality found in individuals, groups, organizations, and systems as a whole
Horne and Orr 1998, p. 31.

Resilience accepts shocks will occur and the organisation’s power of response is as important as its power of control.

Resilience is the ability to recover from high consequence, low likelihood events
Adapted from Taleb – The Black Swan.
Available here http://www.bookdepository.co.uk/Black-Swan-Nassim-Nicholas-Taleb/9780141034591

Security is not an appliance, you can’t buy a black box and think that your organisation is secure.

My thoughts
Resilience is a state of mind, a journey, it is not something you do, but strive towards.

To this end, resilience is more about organisational culture and management than any of the traditional approaches to security. A resilient organisation lives and breathes its resilient nature, it doesn’t give the job of ‘resilience manager’ to the bloke on the second floor who used to work for a security organisation. The resilience job is given to the CEO by the board and they think about how the organisation will survive into the future, because they know the odds are stacked against them.


“If the Internet were a street, I wouldn’t walk it in daytime…” K. Bailey, CISO UW 2010

“The best thing about the Internet is that everybody’s your neighbour. The worst thing about the Internet is that every criminal and spy is also your neighbour”
– Alex Webling 2008

“The most dangerous cyberattack tool is the telephone, look how many people willingly give up their username and password when the nice man from the helpdesk rings them”
– Alex Webling 2010

“today’s secret NSA programs are tomorrow’s PhD dissertations and the next day’s hacker tools”
Bruce Schneier 2014


“Risk management: it’s not rocket science—it’s much more complicated because it is dependent on people”
— Alex Webling

“A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” – Douglas Adams

“Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you.” – Attributed to Theodore Roosevelt

“People who don’t take risks generally make about two big mistakes a year. People who do take risks generally make about two big mistakes a year.” – Peter F. Drucker

“Risk management is about people and processes and not about models and technology.” – Trevor Levine

“If you see an event reported in the mainstream media, it is by definition rare – news sites spend a lot more time analysing and reporting each death from terrorism than they do from car accidents, but you know which event is more likely” – Alex Webling

“We will bankrupt ourselves in the vain search for absolute security” Dwight Eisenhower



Governance / Organisations

Some Peter Drucker quotes worth remembering

1. “Doing the right thing is more important than doing the thing right.”

2. “If you want something new, you have to stop doing something old.”

3. “There is nothing quite so useless as doing with great efficiency something that should not be done at all.”

4. “What gets measured gets improved.”

5. “Results are gained by exploiting opportunities, not by solving problems.”

6. “So much of what we call management consists of making it difficult for people to work.”

7. “People who don’t take risks generally make about two big mistakes a year. People who do take risks generally make about two big mistakes a year.”

8. “Meetings are by definition a concession to a deficient organization. For one either meets or one works. One cannot do both at the same time.”

9. “Long-range planning does not deal with the future decisions, but with the future of present decisions.”

10. “Management is doing things right. Leadership is doing the right things.”


“Not that I condone fascism, or any -ism for that matter. -Ism’s in my opinion are not good. A person should not believe in an -ism, he should believe in himself.”
Ferris Bueller’s Day Off (1986) – http://en.wikipedia.org/wiki/Ferris_Bueller’s_Day_Off