Bruce Schneier gave a keynote address at the Black Hat conference in Las Vegas last Thursday where he talked about security being a state of mind.

The Black Hat conference was held over 3 days, with speakers and training sessions focused on computer security. Bruce Schneier’s “The Psychology of Security” keynote addressed the difficulty in quantifying security because of its emotional component.

“How we feel about security in a given situation can affect how secure we really are.”

Bruce Schneier says everybody is a security consumer - we all must continually decide how much money, time and effort we will spend to feel secure. This is a basic instinct. And it passes into the business realm in our security decision making process.

Schneier mentions that decisions are based upon severity of risk, the probability of risk, the magnitude of risk, and the effectiveness of a risk (the response choice). The assessment of these probabilities is subjective and often misjudged. Scheier recommends that companies spend more time considering their perceptions surrounding security - assessing these risks - in order to be better prepared.

Via CNet Tags: bruce schneier, black hat, security, computer security, business security, risk, risk assessment