A bird's eye view

In the recently held Hack-in-the-Box Security Conference 2008, world-renowned security expert, Bruce Schneier, CTO and founder of BT Counterpane spoke at length on the need to match reality to feeling to enable true security.

  • E-Mail
By  Sathya Ashok Published  May 18, 2008

In the recently held Hack-in-the-Box Security Conference 2008, world-renowned security expert, Bruce Schneier, CTO and founder of BT Counterpane spoke at length on the need to match reality to feeling to enable true security.

"There is a feeling of security and there is the reality of security. These concepts are different but it is human to link both of them to the same word - security. We need to separate them and see them for what they are."

So said Bruce Schneier, CTO and founder of BT Counterpane and one of the world's foremost authorities on security. He was speaking to a packed audience of programmers, vendors and industry stakeholders on the very first day of the Hack-in-the-Box Security Conference (HITBSecConf 2008) at Dubai.

Models are our intelligent representation of reality. When it is working well, the model fades into the background, because feeling matches reality and there is no need for a model.

In his keynote address, Schneier borrowed from his latest book 'Beyond Fear' to illustrate some of the high-level, economic and behavioural psychology aspects that influence the way we perceive and respond to security everyday.

"As humans we react to the feeling of security, rather than reality often times. This is good enough most of the time and has served us to survive in ancient times. Modern times are harder. Two important things interfere with our intuitive sense of security. One is technology which is non-intuitive and the other is the media, which magnifies and distorts reality," Schneier stated.

According to Schneier, people need to attempt to close the gap between reality and feeling, in order to ensure they are more secure.

"Products have to address the feeling of security and they have to make people notice that they are secure. One way for people to do that is to understand the system. The more you know, the more you will know if a product mitigates risk. Another way is to have information on the product's real-world effectiveness in the form of positive or negative examples," he said.

The third element is a ‘model' which is something in people's heads that serves as a cognitive structure of reality based on reason and modified by fear. People use models everyday to decide their responses to fearful or difficult situations.

"Models are our intelligent representation of reality. With increasing familiarity, feelings overlap with the model. When it is working well, the model fades into the background, because feeling matches reality and there is no need for a model," said Schneier.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code