The Psychology of Security
An essay by Bruce Schneier, information security industry juggernaut, found its way into my inbox in late February. Downloaded to my PDA, I finally got around to reading it last night, and found it so interesting that I felt compelled to share.
Although there are a few computer-related overtones in the essay, the physiological foundation that gives us the sense of being secure is universal. But the feeling of security and the actual reality of being secure are two very different things. Schneier's essay discusses where these perceptions come from, how they work, and why they diverge from the reality of security.
Generally grouped into four sub-sections, the essay touches on behavioral economics, the psychology of decision-making, the psychology of risk, and neuroscience. Some of the best reading deals with how the psychological perception of security is coupled closely with risk biases and heuristics.
We have shortcuts, rules of thumb, stereotypes, and biases—generally known as "heuristics." These heuristics affect how we think about risks, how we evaluate the probability of future events, how we consider costs, and how we make trade-offs. We have ways of generating close-to-optimal answers quickly with limited cognitive capabilities.
Traveling full-time, I am constantly analyzing, assessing, and re-assessing the safety of my person and belongings. It is something I live with every waking hour of every day, and have grown comfortable doing so as a result. It was easy for me to read this essay and make correlations in the psychology of risk taking and the life that I lead.
Behavioral economics is something that I'm well acquainted with (loads of classroom time in universities has been spent detailing the subject), but I've never studied much psychology—something I regret—save for the direct business applications to that of marketing and consumerism. I found the essay, and the great examples of odd behaviors contained within, to be absolutely fascinating.