psychologyofsecurity – SSL and internet security news

Security and Human Behavior (SHB) 2020

June 19, 2020 infossl

conferences, economicsofsecurity, psychologyofsecurity, Security technology, securityconferences

Today is the second day of the thirteenth Workshop on Security and Human Behavior. It’s being hosted by the University of Cambridge, which in today’s world means we’re all meeting on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro … Read More “Security and Human Behavior (SHB) 2020” »

Andy Ellis on Risk Assessment

December 6, 2019 infossl

psychologyofsecurity, riskassessment, risks, Security technology

Andy Ellis, the CSO of Akamai, gave a great talk about the psychology of risk at the Business of Software conference this year. I’ve written about this before. One quote of mine: “The problem is our brains are intuitively suited to the sorts of risk management decisions endemic to living in small family groups in … Read More “Andy Ellis on Risk Assessment” »

Science Fiction Writers Helping Imagine Future Threats

July 23, 2019 infossl

movieplotthreats, nationalsecuritypolicy, psychologyofsecurity, Security technology, terrorism

The French army is going to put together a team of science fiction writers to help imagine future threats. Leaving aside the question of whether science fiction writers are better or worse at envisioning nonfictional futures, this isn’t new. The US Department of Homeland Security did the same thing over a decade ago, and I … Read More “Science Fiction Writers Helping Imagine Future Threats” »

Security and Human Behavior (SHB) 2019

June 6, 2019 infossl

conferences, economicsofsecurity, psychologyofsecurity, schneiernews, Security technology, securityconferences

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in … Read More “Security and Human Behavior (SHB) 2019” »

Programmers Who Don’t Understand Security Are Poor at Security

March 27, 2019 infossl

incentives, programming, psychologyofsecurity, Security technology, securityengineering

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they’re not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers … Read More “Programmers Who Don’t Understand Security Are Poor at Security” »

Public Shaming of Companies for Bad Security

September 18, 2018 infossl

psychologyofsecurity, Security technology, securityengineering, securitypolicies

Troy Hunt makes some good points, with good examples. Powered by WPeMatico

Measuring the Rationality of Security Decisions

August 7, 2018 infossl

academicpapers, economicsofsecurity, psychologyofsecurity, Security technology, securityeducation

Interesting research: “Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions“: Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic … Read More “Measuring the Rationality of Security Decisions” »

Conservation of Threat

June 29, 2018 infossl

academicpapers, psychologyofsecurity, Security technology, threatmodels, warontheunexpected

Here’s some interesting research about how we perceive threats. Basically, as the environment becomes safer we basically manufacture new threats. From an essay about the research: To study how concepts change when they become less common, we brought volunteers into our laboratory and gave them a simple task – to look at a series of … Read More “Conservation of Threat” »

The Habituation of Security Warnings

June 6, 2018 infossl

academicpapers, psychologyofsecurity, Security technology, securityawareness

We all know that it happens: when we see a security warning too often — and without effect — we start tuning it out. A new paper uses fMRI, eye tracking, and field studies to prove it. EDITED TO ADD (6/6): This blog post summarizes the findings. Powered by WPeMatico

Security and Human Behavior (SHB 2018)

May 25, 2018 infossl

conferences, psychologyofsecurity, schneiernews, Security technology, securityconferences

I’m at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, … Read More “Security and Human Behavior (SHB 2018)” »