Security IT

Schneier Mulls Psychology of Security 101

bednarz writes "Cryptography expert Bruce Schneier says security decisions often are much less rational than one would prefer. He spoke at the RSA conference about the battle that goes on in the brain when responding to security issues. Schneier explains 'The primitive portion of the brain, called the amygdala, feels fear and incites a fear-or-flight response, he pointed out. "It's very fast, faster than consciousness. But it can be overridden by higher parts of the brain." The neocortex, which in a mammalian brain is associated with consciousness, is slower but "adaptive and flexible,"'"

  • by smellsofbikes ( 890263 ) on Wednesday February 07, 2007 @02:52PM (#17924062) Journal
    Malcolm Gladwell's book "Blink" [amazon.com] talks a lot about the differences between first impression and actual, thoughtful reaction to a situation, including some interesting studies on what happens when the two conflict and how measurement of the effects of those conflicts on reaction time can tell us a lot about how the brain is processing material. There's controversy around some of his conclusions but I strongly recommend the book and everything else Gladwell has written.
  • Too complicated (Score:3, Interesting)

    by Billosaur ( 927319 ) * <<wgrother> <at> <optonline.net>> on Wednesday February 07, 2007 @03:57PM (#17924956) Journal

    His view is far too complicated. The essence of security is: people think they are secure. They happily type their data into web sites without considering where it goes because in most cases, they have no clue what systems are in operation. Past the words "computer", "database", and "Internet (or Web)" the average person has no concept of how any of it works. Someone, their bank say, sends them a link to a website -- the first problem is, they really have no way to verify it is from their bank, other than going to their local branch and asking, which seems to be beyond anyone's capability. Now, once they've accepted that the link is "legitimate", whether it is or not, they plow ahead and begin banging on the keyboard and typing in their info. Screens come and go, they are admonished occasionally when they don't enter something right, and finally some message pops up thanking them and that's that. Whether the whole transaction was legitimate or not never enters into it.

    "Security" is a misnomer -- you are no more secure against possible data theft or manipulation on the Internet than you are physically safe crossing the street in a crosswalk. The only security you can have is in being vigilant in what you do and following up everything you do to make sure it is legitimate. Past that, you're on your own.

  • by Anonymous Coward on Wednesday February 07, 2007 @04:02PM (#17925012)
    In the interest of bipartisanship you've exaggerated the intentions of those concerned about terrorism and understated the intentions of those concerned with global warming.

    That's what I call a double straw-man.
  • by Anonymous Coward on Wednesday February 07, 2007 @04:23PM (#17925246)
    As someone who suffers with panic disorder and who is also a network security person by trade (CISSP consultant, unfortunately) I can attest to the irrationality of the "lower" brain. Persons with my condition frequently find it unbearable to do something as simple as stand in line or get in an elevator as even the smallest perceived loss of freedom is enough to send the heart rate soaring. On a particularly bad day I had to excuse myself from a post office line for 15 minutes to pretend to be filling out an address on an envelope as the impending "Next!" and being faced with some "official" was making my hands shake. For the rest of you there is no more mundane experience than mailing a parcel!

    All that said, I think Schneier's comments about the amygdala are a bit misplaced. The horrendous waste of security resources in this country -- the 3oz limitation on liquids for example -- does not originate from a panicky, palm sweating reaction but rather a much more calculated, if reactive, decision to make the average person feel like something is being done. If you want to talk about the amygdala and security, talk about one's reaction to a stranger approaching you in the park at night with a "hey buddy, come here a second." Corporate and government security policies are hashed out in nauseatingly arduous sessions with many "expert" consultants who throw out their usual spiel to justify their oversized fee.

    Bruce would do better to argue that we need to account for our tendency to implement security schemes which favor the perception of effectiveness rather than true scenario effectiveness. Then again, he is a cryptographer, we can't expect him to be an expert on all things security. Injecting bits of psychology is tempting but runs the risk of being disingenuous. He loses a little credence in my view.
  • by Lord Ender ( 156273 ) on Wednesday February 07, 2007 @04:36PM (#17925374) Homepage

    There's a lot of focus on OMG-deadly high-profile terrorist attacks, and on OMG-deadly consequences of global warming.
    Terrorism could cause a tiny handful of people to die. Warming could cause a mass extinction. Do you understand what I mean by mass extinction? I mean http://en.wikipedia.org/wiki/Mass_extinction [wikipedia.org].

    One of these is a minor annoyance to the human species. The other is the end of life as we know it. Some have even suggested that run-away global warming caused Venus to become the hell-hole it is today. These are very different problems.

    You are right that politicians, in general, care more about the appearance of solving problems than actually solving problems. But don't equate global warming with the relatively trivial issue of terrorism.
  • Re:It makes sense (Score:2, Interesting)

    by Profane MuthaFucka ( 574406 ) <busheatskok@gmail.com> on Wednesday February 07, 2007 @04:37PM (#17925388) Homepage Journal
    The first is that he thinks he is an expert in everything, and he thinks he is always right.

    That's not a problem if he is actually right. He's a security expert, which implies at least some competence in related areas. If someone thinks they are right, it's not a fault if they are actually right.

    The second is that for some reason people are unwilling to stand up and say when he is full of it.

    Where is he full of it? And why are people supposedly such cowards when it comes to standing up to him?

    Some days his blog is nothing other than Bush bashing under the guise of writing about security.

    Fully justified. The Bush administration has done almost nothing at all to make us secure. Again, what's the problem with that? Oh, I get it. You're putting politics ahead of security. Shame on you.

    That being secure and feeling secure are different is not news.

    If it's not news, then there's no excuse at all for the security theater which we see all around us.

    That even in business people make decisions based on emotions instead of understanding is not news either.

    In that case there's no reason to pay the executives the big bucks to make emotional decisions for either business or security. Fire them. And fire their boss, the person ultimately responsible for performance, GW Bush.
