Ed Moyle Quotes (20 Quotes)

When you take into account the fact that a large enterprise might have tens of thousands or hundreds of thousands of machines, the job of securing those machines is very difficult and keeping them secure over time is even more difficult still.

The best security organizations I've worked with understand and attempt to quantify the risk-management decisions they make on an ongoing basis.

Those that favor the preservation of the current model fear that ceding oversight to the U.N. would result in a less 'laissez-faire' environment -- that it would open the door to tighter control and thereby engender all the trappings of control potential taxation, inefficiency, or restriction on free speech.

As a technologist, I'm not convinced that the U.N. is necessarily better equipped to deal with these issues than any number of other possible oversight bodies, including the U.S. Department of Commerce.

By doing all these things, ... the enterprise will know how to respond to a threat in ways that minimize downtime and keep digital assets secure, even in a world where threats are almost guaranteed.

Some nations remain wary of the U. S. calling the shots. In August, for example, the Bush administration objected to creation of an . xxx domain for adult-content Web sites. Since all ICANN decisions are subject to approval by the U. S. Department of Commerce, President Bush can ultimately decide whether or not to allow that change to proceed, ... No other country has that level of voice in the process.

In general, black hats learn their tricks the same way that everybody else does through a network of informational Web sites, magazines, conventions and advice from peers. There's even hacker radio.

By using data from their threat-tracking efforts, the CIO can demonstrate how I.T. investment impacted the bottom line in terms of cost savings.

Worry in a CIO reflects uncertainty in the management process.

In Moyle's opinion, a balancing act of sorts is required. Make diversity too small and you increase the impact of population-level events, make it too diverse and you can reduce manageability and thereby make individual-level events more likely, ... Heterogeneity has to be balanced with manageability for the organization's maximum benefit.

The enterprise is starting to recognize that IM is here to stay and that it needs to be secured along with other technologies like HTTP and e-mail. As enterprises realize this, they are interested in protecting that technology with products from the vendors they are already using.

Getting the threat of breach entirely to zero is effectively impossible, even in relatively small enterprises. And the closer we aim toward zero, the more expensive and time-consuming it becomes.

If the U. N. intends to softly encourage the transition to IPv6 via policy -- or merely wishes to coordinate or 'track' the deployment of IPv6 over time -- the impact will likely be minimal, ... But if they are going to take a stronger approach -- which they could theoretically do with the new authority -- the impact would once again be tremendous.

The idea sounds good because a lot of viruses have used the macro capability of Office for propagation purposes and that's a huge problem, ... Having a new extension for this will allow the virus-checking software on e-mail gateways to filter on that particular extension, either to search files coming in with that extension more carefully, or to exclude them altogether.

Even if IM isn't used directly for business purposes, a number of organizations still find it beneficial to provide a standardized IM channel. When IM was emerging, many enterprises attempted to restrict IM use, but found there were administrative advantages to offering a sanctioned and standardized IM portal.

There's also usually a black hat contingent at most mainstream security conferences. Since information security and hacking are two sides of the same coin, many hackers go to security conferences and many security professionals go to hacker events -- neither community seems to mind.

If the trends continue, I think it is likely that game platforms will become a more attractive target for attack in the future. Looking far enough ahead, game platforms might ultimately become an even more attractive target than general purpose PCs.

Mass-mailing worms will often leverage issues in Office as part of their method of propagation. As such, I strongly advise that these patches be installed as soon as possible -- particularly within the enterprise where the e-mailing of Office documents is more commonplace and expected.

From a making-it-work perspective, having a new extension for macros is a good idea, said network security expert Ed Moyle. It allows virus-checking software in an e-mail to filter on that extension and to search files coming in with that extension more carefully, or to exclude them altogether on a content filtering gateway while allowing the majority of the office docs to pass through without hindrance, ... My only concern is making a smooth transition to the new format.

The U. S. is expected to ask why it should give up oversight of something -- the Internet -- that initially was developed by its military under the aegis of the U. S. Defense Advanced Research Projects Agency (DARPA). The U. N. is understandably nervous about the ability of the U. S. to exert control over ICANN under the current structure, ... even if that ability isn't currently utilized to any significant degree.