Security is both a feeling and a reality
March 3rd, 2007 by Jiri
I have just started exploring the relevant literature in behavioral economics, the psychology of decision making, the psychology of risk, and neuroscience. Undoubtedly there is a lot of research out there for me still to discover, and more fascinatingly counterintuitive experiments that illuminate our brain heuristics and biases. But already I understand much more clearly why we get security trade-offs so wrong so often.
As documented in few of my previous posts, I have been long interested in psychological aspects of security. It has been my view that most discussions on security that takes place in corporates - both in the security and non-security departments are more about perception of security than the real security itself. And it definitely did not have anything to do with a typical excuse security folks have - ‘users being clueless’.
When I first read Cialdini, it completely overwhelmed me, but the book gave a good pointer towards why it is so. It is great to see Bruce Schneier has discovered such a great topics worth of researching after he sold off Counterpane to BT.