- More porn sneaks onto the iPhone
- 'Swatting' case shows need to ban caller-ID spoofing
- Why the iPhone can't be "killed"
- Nortel enterprise chief wants to bring back Bay
- US sets final emergency responder wireless pilot
RSA '07 HQ: Click here for complete coverage.
SAN FRANCISCO -- One of the security industry’s most outspoken experts, Bruce Schneier, spoke at RSA Conference on the topic of how security decisions and perceptions are often driven by irrational and subconscious motives in human beings.
The CTO at BT Counterpane, who is known for his talent in cryptography as well as his critical observations about technology use, yesterday turned his attention to a different matter: an analysis of human behavior in the face of risk-management decisions.
In Schneier’s view, security managers need to be aware that they themselves, their business managers and their corporate user groups are likely to make critical security decisions based on barely acknowledged impressions of fear and irrational response, rather than a careful study of facts.
“Security is a tradeoff,” Schneier said, speaking to a packed audience at his RSA session. “What are you getting for what you're giving up? Whether you make that tradeoff consciously or not, there is one.”
He noted that probably no one in the audience was wearing a bullet-proof vest because no one thought the risk was worth it, especially given how uncomfortable and unfashionable it would appear. “We made these tradeoffs every day,” Schneier said, adding every animal species does. In the world of business, human psychology plays a strong role in decisions about acquiring security defenses as well, he asserted.
Schneier based his presentation on his own study of tracts written in the fields of behavioral science, human psychology and university research about how people make choices. He said there’s reason to believe that decision-making in security is much less rational than one would prefer.
There is a “feeling versus reality,” Schneier said. “You can feel secure but not be secure. You can be secure but not feel secure.”
The primitive portion of the brain, called the amygdala, feels fear and incites a fight-or-flight response, he pointed out. “It’s very fast, faster than consciousness. But it can be overridden by higher parts of the brain.”
The neocortex, which in a mammalian brain is associated with consciousness, is slower but “adaptive and flexible,” designed to work toward confronting fear and making decisions to promote security, Schneier said.
The Leader in Network Knowledge
Comments (3)
wank!By Anonymous on October 15, 2008, 9:54 amwank!
Reply | Read entire comment
I guess this guy has beenBy Anonymous on February 7, 2007, 5:04 pmI guess this guy has been through airport security a time or two.
Reply | Read entire comment
RSA '07: Bruce Schneier casts light on psychology of securityBy Anonymous on February 7, 2007, 3:40 pmIn a quarter century in the IT business, it's pretty clear that it isn't just security decisions that are poorly made. But what can a well-meaning but clueless...
Reply | Read entire comment
View all comments