ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Schneier: Perceptions of security are flawed Video icon

Munir Kotadia, Chris Duckett and Liam Tung ZDNet Australia

Published: 18 Feb 2008 10:46 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

While the media bombards consumers with frightening stories, discussions about security are thwarted by the failure of language to separate the "feeling" and "reality" of security, according to Bruce Schneier.

Schneier, author of Applied Cryptography and, most recently, Beyond Fear, said there is a fundamental problem with the way we think about security, and its roots can be traced back to a failure of language.

"'Security' is a complicated word," Schneier told ZDNet Australia at the linux.conf.au conference.

"You can feel secure and there's the reality of security — how secure you are. And they're different things. You can feel secure, even though you're not, and you can be secure, even though you don't realise it," Schneier said.

The problem in today's media-intensive world is that consumers are repeatedly bombarded with coverage of out-of-the-ordinary or newsworthy events, such as kidnappings and terrorism. This ultimately distorts people's view of the world, according to Schneier.

"When something rare happens, it's talked about endlessly. It's repeated again and again, so our brains are fooled into thinking it's common because it's what psychologists call "available" — the memories are more available. And one of our mental shortcuts is to think of things that are more available as more common," Schneier said.

Although the media's treatment of events could be held responsible for this confusion between perception and reality, there is another element at play: language, or rather its failure to accommodate for the difference between the "feeling" and "reality" of security.

"In effect, we have two very different concepts mapped on the same word. And this makes a lot of conversations about the feeling and reality of security hard to have because our language fails us," Schneier said.

Credit: Schneier: Bad news is good news, not so for security from ZDNet Australia

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
16 out of 18 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. Erm ... What he said .. as usual Andrew Meredith

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:



Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Google sponsors open source security p...

Google has announced it is to sponsor oCERT, an open source computer emergency response team. In a blog post on Monday, Google security engineer Will Drewry said that one of the... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation