This post is about another video presentation of the linux.conf.au 08.
Bruce Schneider gave a speech about security [download as ogg theora or spx]. He states that the word security has two meanings. One is the security in reality (how secure something really is) and the feeling of security (how secure somebody feels about something).
He explains why this difference is important and that these two concepts need to be addressed in different ways.
I think the presentations explains and clarifies a lot of phenomenas in the field of security (IT, airlines, …). But I think he should have talked more about how we can take irrational fears from people and to allow them to think about the real security more instead of relying on their feelings of security.
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don’t feel secure.
In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn’t work, and why so many smart security solutions go unimplemented. Several different fields — behavioral economics, the psychology of decision making, evolutionary biology — shed light on how we perceive security, risk, and cost.
Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used.