4 Quotes by Allan Paller

We can't protect these systems. The skill level of most Windows users is novice at best, and the basic design of Windows and Macintosh systems isn't geared to security.

It seems to me the idea of competing for resources with audit is the shortest path to going away. If you partner with them and share the load and treat audit with due deference, you have a shot. As long as you compete, it won't work.

It works wonderfully if you're a bad guy.

The ISO is going to the CEO saying there's a chance something bad, and possibly something embarrassing, could happen. But how much of a chance, the ISO doesn't know. And if he spends this kind of money, he can reduce the risk but by how much, he doesn't know. It's simply not enough data. Every other C-level executive does better than that and takes on the responsibility for defining the risk. Here, the CISO is putting the responsibility on the CEO. They don't want it, and eventually they won't take it.