Security Placebos vs Active Ingredients

There is this interesting article about a talk Bruce Schneier gave about the value of security measures. He makes the great point about there is value in making people feel secure, but it must be balanced against the danger of complacency. From the article:

Schneier noted that despite the well known impact of emotional and psychological thinking on security decisions, information remains the greatest weapon that we have in creating good security solutions.The best security solution will fail if it doesn’t cater to both the reality and perceptions to do with security, Schneier warned.

“For most of my career I would insult ‘security theatre’ and ‘snake oil’ for being dumb. In fact, they’re not dumb. As security designers we need to address both the feeling and the reality of security. We can’t ignore one.

“It’s not enough to make someone secure, that person needs to also realise they’ve been made secure. If no-one realises it, no-one’s going to buy it,” Schneier said.

The goal must be to get the reality and perception matching up – so that security solutions aren’t lulling users into a false sense of security, or letting them exist in an unnecessary climate of fear.

This sounds like it was an interesting talk. It would be great if someone could point me to a transcript.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s