Psychology of Security

Psychology of Security Rachel Greenstadt February 27, 2018

Thursday’s Class Canceled
- No class Thursday (I have to go to a funeral)
- Instead, online discussion
- Post a short description of your security breach and something interesting you found out about it by Thursday.
- Respond to someone else's post by next Tuesday.

How do people make security decisions?
- Behavioral economics
- Bounded Rationality (Decision-making)
- Psychology of Risk
- Neuroscience

Security as a feeling

All Security is Trade-offs
- Grounding Airplanes

All Security is Tradeoffs
- Bulletproof vests

Evolution and Security Tradeoffs

To make tradeoffs, need to evaluate risk
- The severity of the risk.
- The probability of the risk.
- The magnitude of the costs.
- How effective the countermeasure is at mitigating the risk.
- How well disparate risks and costs can be compared.

Ignorance can explain some of this
- Thin people with prediabetes

But not all
- Why is it that, even if someone knows that automobiles kill 40,000 people each year in the U.S. alone, and airplanes kill only hundreds worldwide, he is more afraid of airplanes than automobiles?
- Why is it that, when food poisoning kills 5,000 people every year and 9/11 terrorists killed 2,973 people in one non-repeated incident, we are spending tens of billions of dollars per year (not even counting the wars in Iraq and Afghanistan) on terrorism defense while the entire budget for the Food and Drug Administration in 2007 is only $1.9 billion?

Risk perception
- People exaggerate spectacular but rare risks and downplay common risks.
- People have trouble estimating risks for anything not exactly like their normal situation.
- Personified risks are perceived to be greater than anonymous risks.
- People underestimate risks they willingly take and overestimate risks in situations they can't control.
- Last, people overestimate risks that are being talked about and remain an object of public scrutiny.

New vs old risks

Natural vs Human-Made

Chosen vs Imposed Risks

Risks with benefits

Risks with bad deaths

Risks with and without control

Awareness increases fear

Uncertainty increases fear

Risks to others vs self

Risks to children vs self

Risk and the brain

Neocortex is slower and newer than amygdala

System 1 and System 2
- The operations of System 1 are typically fast, automatic, effortless, associative, implicit (not available to introspection), and often emotionally charged; they are also governed by habit and therefore difficult to control or modify.
- The operations of System 2 are slower, serial, effortful, more likely to be consciously monitored and deliberately controlled; they are also relatively flexible and potentially rule governed.

Risk Heuristics
- Alternative A: A sure gain of $500.
- Alternative B: A 50% chance of gaining $1,000.
- Alternative C: A sure loss of $500.
- Alternative D: A 50% chance of losing $1,000.

Prospect theory

More risk heuristics
Imagine a disease outbreak that is expected to kill 600 people.
- Program A: "200 people will be saved."
- Program B: "There is a one-third probability that 600 people will be saved, and a two-thirds probability that no people will be saved."
- Program C: "400 people will die."
- Program D: "There is a one-third probability that nobody will die, and a two-thirds probability that 600 people will die."

The framing effect can change people from risk averse to risk seeking
Imagine a disease outbreak that is expected to kill 600 people.
- Program A: "200 people will be saved."
- Program B: "There is a one-third probability that 600 people will be saved, and a two-thirds probability that no people will be saved."
- Program C: "400 people will die."
- Program D: "There is a one-third probability that nobody will die, and a two-thirds probability that 600 people will die."

Endowment effect
- People value things they have more than things they don’t have.
- How much would you pay for X?
- How much would you sell X for?

Other biases
- Optimism bias – valence effect
- Affect bias – overall good feeling leads to lower risk perception, overall bad feeling leads to higher risk perception
- Overly attuned to risks involving people
  - Especially children

Estimating probability
- 1, 2, 3, many
- ½, ¼, 1/8, almost never

Availability Heuristic
- Tendency to form a judgment on the basis of information that is readily brought to mind
- Why is it useful? Frequent events are easily brought to mind
- Why is it sometimes misleading? Factors other than frequency affect ease of remembering
  - Ease of retrieval (starts with k, has k as 3rd letter)
  - Recency of the example (advertisement, news)
  - Familiarity (What % of people go to college)

Availability Heuristic
- 15x more likely to be killed by falling coconuts than sharks

Representative Heuristic
- People judge “representative” events to be more probable

Representativeness
Linda is 31 years old, single, outspoken, and very bright. She majored in philosophy. As a student, she was deeply concerned with issues of discrimination and social justice, and also participated in antinuclear demonstrations.
Which is more likely?
- Linda is a bank teller.
- Linda is a bank teller and is active in the feminist movement.

Base Rate Fallacy
- IDS 99% accurate
- System generates 1,000,100 log entries
- 100/1,000,100 events actually malicious
- 99 events detected malicious, 1 false negative
- 1,000,000 benign events, 10,000 mistakenly identified as malicious, 10,000 false positives
- 10,099 alarms sounded, 10,000 false alarms
- 99% of alarms are false alarms
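
The arithmetic on the Base Rate Fallacy slide, worked as an added example that is not part of the original slides. It assumes "99% accurate" means a 99% detection rate and a 1% false-positive rate, which is what the slide's counts imply; the function names are illustrative, and the second function goes one step beyond the slide to show how low the false-positive rate must be before half of the alarms are real.

```python
from fractions import Fraction


def alarm_stats(malicious, benign, tpr, fpr):
    """Expected confusion-matrix counts for a detector run over a log."""
    tp = malicious * tpr   # malicious events that raise an alarm
    fn = malicious - tp    # malicious events that are missed
    fp = benign * fpr      # benign events that raise an alarm
    tn = benign - fp
    alarms = tp + fp
    return {
        "tp": tp, "fn": fn, "fp": fp, "tn": tn, "alarms": alarms,
        "precision": tp / alarms,
        "false_alarm_share": fp / alarms,
        "accuracy": (tp + tn) / (malicious + benign),
    }


def max_fpr_for_precision(malicious, benign, tpr, target_precision):
    """Largest false-positive rate at which alarms still reach the target precision."""
    tp = malicious * tpr
    # precision = tp / (tp + fp)  =>  fp = tp * (1 - precision) / precision
    max_fp = tp * (1 - target_precision) / target_precision
    return max_fp / benign


if __name__ == "__main__":
    rate = Fraction(99, 100)  # assumption: "99% accurate" = 99% TPR and 1% FPR
    s = alarm_stats(100, 1_000_000, tpr=rate, fpr=1 - rate)
    print(f"alarms: {s['alarms']}  (true {s['tp']}, false {s['fp']})")
    print(f"overall accuracy:  {float(s['accuracy']):.2%}")
    print(f"false-alarm share: {float(s['false_alarm_share']):.2%}")
    need = max_fpr_for_precision(100, 1_000_000, rate, Fraction(1, 2))
    print(f"FPR needed for 1 in 2 alarms to be real: {float(need):.4%}")
```

Overall accuracy stays at 99% even though about 99% of the alarms are false, because the 1,000,000 benign events dominate the 100 malicious ones.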

Mental accounting
- Trade-off 1: Imagine that you have decided to see a play where the admission is $10 per ticket. As you enter the theater you discover that you have lost a $10 bill. Would you still pay $10 for a ticket to the play?
- Trade-off 2: Imagine that you have decided to see a play where the admission is $10 per ticket. As you enter the theater you discover that you have lost the ticket. The seat is not marked and the ticket cannot be recovered. Would you pay $10 for another ticket?

Anchoring bias https://www.youtube.com/watch?v=HefjkqKCVpo

Making Sense of the Perception of Security
- The severity of the risk.
- The probability of the risk.
- The magnitude of the costs.
- How effective the countermeasure is at mitigating the risk.
- The trade-off itself.
We have focused on imperfect information, but it is not the whole story

Used for good
- Help people override natural tendencies and make better security choices
- Maybe unrealistic?

Used for evil
- Focus on feeling of security at the expense of the reality
- Not ethical

Try to make feeling of security match the reality