
Schneier Mulls Psychology of Security 101

bednarz writes "Cryptography expert Bruce Schneier says security decisions often are much less rational than one would prefer. He spoke at the RSA conference about the battle that goes on in the brain when responding to security issues. Schneier explains 'The primitive portion of the brain, called the amygdala, feels fear and incites a fear-or-flight response, he pointed out. "It's very fast, faster than consciousness. But it can be overridden by higher parts of the brain." The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"'"
This discussion has been archived. No new comments can be posted.

  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Wednesday February 07, 2007 @02:30PM (#17923726)
    Bruce has more at his website.
    http://www.schneier.com/essay-155.html [schneier.com]

    As he says, we really should have two different words for the "feeling of security" and "security".
  • by Walt Dismal ( 534799 ) on Wednesday February 07, 2007 @02:33PM (#17923752)
    Another way of looking at the amygdala is to consider it a Priority Interrupt Controller. Other parts of the brain evaluate success or impending failure of certain goals, such as survival, and the amygdala chooses the strongest and most important issues and flags them for highest attention. This can be overridden by conscious rationality, but that is slower. I believe the amygdala evolved to handle fast decisions needing urgent attention or the cave bear would eat you by the time you reasoned out how to rationally respond.
  • by schwaang ( 667808 ) on Wednesday February 07, 2007 @02:57PM (#17924114)
    In his essay [schneier.com] he tells a little joke about aiming for 100% security:

    I remember in the weeks after 9/11, a reporter asked me: "How can we prevent this from ever happening again?" "That's easy," I said, "simply ground all the aircraft."
    100% security has never been his aim. His aim, AFAICT, is to distinguish real security from BS, so we can evaluate the costs and tradeoffs and then make smart choices.

    More on this philosophy:

    The truth is that we're not hopelessly bad at making security trade-offs.[...]There are several specific aspects of the security trade-off that can go wrong. For example:

          1. The severity of the risk.
          2. The probability of the risk.
          3. The magnitude of the costs.
          4. How effective the countermeasure is at mitigating the risk.
          5. How well disparate risks and costs can be compared.

    The more your perception diverges with reality in any of these five aspects, the more your perceived trade-off won't match the actual trade-off.
