Ross Anderson’s Psychology & Security page

by adam on October 30, 2009

Ross Anderson has a new Psychology and Security Resource Page. His abstract:

A fascinating dialogue is developing between psychologists and security engineers. At the macro scale, societal overreactions to terrorism are founded on the misperception of risk and undertainty, which has deep psychological roots. At the micro scale, more and more crimes involve deception; as security engineering gets better, it’s easier to mislead people than to hack computers or hack through walls. Many systems also fail because of usability problems: the designers have different mental models of threats and protection mechanisms from users. Wrong assumptions about users can lead systems to discriminate against women, the less educated and the elderly. And misperceptions cause security markets to fail: many users buy snake oil, while others distrust quite serviceable mechanisms. Security is both a feeling and a reality, and they’re different. The gap gets ever wider, and ever more important.

A tremendous resource.

3 comments

[…] for framing risks  beyond simple statement of facts and statistics, namely to deal with the psychology of risk. Security is about avoiding bad outcomes.  We have fear and uncertainty about those outcomes and […]

by Just say ‘no’ to FUD « The New School of Information Security on October 30, 2009 at 9:04 pm. Reply #

Ross, can you direct me? Look for thought on the use of methods to assist in the identificaition of individuals with the potential toward abberant behavior. My purpose:

Create a service “Secure Campus” to advise high-school and college administrators in the creation of a secure campus environment.

The idea considers the creation of a private sector organization that would provide assistance to high-schools and smaller private colleges. After reading and considering the following information, I would appreciate your input and any suggestions. However, I do understand that you may not have the time or the inclination to take the time to do so. Again, this is only an idea and one with but little “meat on the bones”, so to speak.
My work in the juvenile justice system and college administration has provided me with only a modicum of experience regarding campus security issues. Therefore, a significant amount of additional expertise and assistance would be needed to create such a campus advisory service a service provided by a highly qualified team of independent contractors.
Understanding the potential issues that campus administrators must face, in creating a student/staff secure environment, is itself a significant undertaking. In addition, at this point, I am uncertain as to the number of other such private organizations that may be available to assist administrators in meeting this serious charge: the establishment of a “best practices” guide and its implementation, but additional research can answer these questions.
The culmination of this discussion/investigation is to consider a potential consultative service that a team, as fee for service contractors, could provide.

Thank you for any help or direction.
Dennis Montrella

by Dennis Montrella on March 30, 2010 at 9:02 pm. Reply #

Psychology is one of the most interesting branches of science because there are so many unknowns.”~`

by Paige Flores on May 24, 2010 at 5:50 am. Reply #

Leave your comment

Not published.

If you have one.