Reconceptualizing Security

This post is about another video presentation from linux.conf.au 08.

Bruce Schneier gave a speech about security [download as ogg theora or spx]. He states that the word security has two meanings. One is security in reality (how secure something really is) and the other is the feeling of security (how secure somebody feels about something).
He explains why this difference is important and that these two concepts need to be addressed in different ways.

I think the presentation explains and clarifies a lot of phenomena in the field of security (IT, airlines, …). But I think he should have talked more about how we can take irrational fears away from people and allow them to think more about the real security instead of relying on their feelings of security.

Security is both a feeling and a reality.  You can feel secure without actually being secure, and you can be secure even though you don’t feel secure.
In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important.  It explains why we have so much security theater that doesn’t work, and why so many smart security solutions go unimplemented.  Several different fields — behavioral economics, the psychology of decision making, evolutionary biology — shed light on how we perceive security, risk, and cost.
Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used.
