Presentation is loading. Please wait.

Presentation is loading. Please wait.

Psychology of Security

Published byJonas Bryant Modified over 5 years ago

Similar presentations

Presentation on theme: "Psychology of Security"— Presentation transcript:

1 Psychology of Security
Rachel Greenstadt February 27, 2018

2 Thursday’s Class Canceled
No class Thursday (I have to go to a funeral) Instead, online discussion Post a short description of your security breach and something interesting you found out about it by Thursday. Respond to someone else's post by next Tuesday.

3 How do people make security decisions?
Behavioral economics Bounded Rationality (Decision-making) Psychology of Risk Neuroscience

4 Security as a feeling

5 All Security is Trade-offs
Grounding Airplanes

6 All Security is Tradeoffs
Bulletproof vests

7 Evolution and Security Tradeoffs

8 To make tradeoffs, need to evaluate risk
The severity of the risk. The probability of the risk. The magnitude of the costs. How effective the countermeasure is at mitigating the risk. How well disparate risks and costs can be compared.

9 Ignorance can explain some of this
Thin people with prediabetes

10 But not all Why is it that, even if someone knows that automobiles kill 40,000 people each year in the U.S. alone, and airplanes kill only hundreds worldwide, he is more afraid of airplanes than automobiles? Why is it that, when food poisoning kills 5,000 people every year and 9/11 terrorists killed 2,973 people in one non-repeated incident, we are spending tens of billions of dollars per year (not even counting the wars in Iraq and Afghanistan) on terrorism defense while the entire budget for the Food and Drug Administration in 2007 is only $1.9 billion?

11 Risk perception People exaggerate spectacular but rare risks and downplay common risks. People have trouble estimating risks for anything not exactly like their normal situation. Personified risks are perceived to be greater than anonymous risks. People underestimate risks they willingly take and overestimate risks in situations they can't control. Last, people overestimate risks that are being talked about and remain an object of public scrutiny.

12 New vs old risks

13 Natural vs Human-Made

14 Chosen vs Imposed Risks

15 Risks with benefits

16 Risks with bad deaths

17 Risks with and without control

18 Awareness increases fear

19 Uncertainty increases fear

20 Risks to others vs self

21 Risks to children vs self

22 Risk and the brain

23

24 Neocortex is slower and newer than amygdala

25 System 1 and System 2 The operations of System 1 are typically fast, automatic, effortless, associative, implicit (not available to introspection), and often emotionally charged; they are also governed by habit and therefore difficult to control or modify. The operations of System 2 are slower, serial, effortful, more likely to be consciously monitored and deliberately controlled; they are also relatively flexible and potentially rule governed.

26 Risk Heuristics Alternative A: A sure gain of $500.
Alternative B: A 50% chance of gaining $1,000. Alternative C: A sure loss of $500. Alternative D: A 50% chance of losing $1,000.

27 Prospect theory

28 More risk heuristics Imagine a disease outbreak that is expected to kill 600 people Program A: "200 people will be saved." Program B: "There is a one-third probability that 600 people will be saved, and a two-thirds probability that no people will be saved.” Program C: "400 people will die." Program D: "There is a one-third probability that nobody will die, and a two-thirds probability that 600 people will die."

29 The framing effect can change people from risk averse to risk seeking
Imagine a disease outbreak that is expected to kill 600 people Program A: "200 people will be saved." Program B: "There is a one-third probability that 600 people will be saved, and a two-thirds probability that no people will be saved.” Program C: "400 people will die." Program D: "There is a one-third probability that nobody will die, and a two-thirds probability that 600 people will die."

30 Endowment effect People value things they have more than things they don’t have. How much would you pay for X? How much would you sell X for?

31 Other biases Optimism bias – valence effect
Affect bias – overall good feeling leads to lower risk perception, overall bad feeling leads to higher risk perception Overly attuned to risks involving people Especially children

32 Estimating probability
1,2,3, many ½, ¼, 1/8, almost never

33 Availability Heuristic Tendency to form a judgment on the basis of information that is readily brought to mind Why is it useful? Frequent events are easily brought to mind Why is it sometimes misleading? Factors other than frequency affect ease of remembering Ease of retrieval (starts with k, has k as 3rd letter) Recency of the example (advertisement, news) Familiarity (What % of people go to college)

34 Availability Heuristic
15x more likely to be killed by falling coconuts than sharks

35 Representative Heuristic
People judge “representative” events to be more probable

36 Representativeness Linda is 31 years old, single, outspoken, and very bright. She majored in philosophy. As a student, she was deeply concerned with issues of discrimination and social justice, and also participated in antinuclear demonstrations. Which is more likely Linda is a bank teller. Linda is a bank teller and is active in the feminist movement.

37 Base Rate Fallacy IDS 99% accurate
System generates 1,000,100 log entries 100/1,000,100 events actually malicious 99 events detected malicious, 1 false negative 1,000,000 benign events, 10,000 mistakenly identified as malicious, 10,000 false positives 10,099 alarms sounded, 10,000 false alarms 99% alarms are false alarms

38

39 Mental accounting Trade-off 1: Imagine that you have decided to see a play where the admission is $10 per ticket. As you enter the theater you discover that you have lost a $10 bill. Would you still pay $10 for a ticket to the play? Trade-off 2: Imagine that you have decided to see a play where the admission is $10 per ticket. As you enter the theater you discover that you have lost the ticket. The seat is not marked and the ticket cannot be recovered. Would you pay $10 for another ticket?

40 Anchoring bias

41 Making Sense of the Perception of Security
The severity of the risk. The probability of the risk. The magnitude of the costs. How effective the countermeasure is at mitigating the risk. The trade-off itself. We have focused on imperfect information, but it is not the whole story

42 Used for good Help people override natural tendencies and make better security choices Maybe unrealistic?

43 Used for evil Focus on feeling of security at the expense of the reality Not ethical

44 Try to make feeling of security match the reality

Download ppt "Psychology of Security"

Similar presentations

Personal Finance Chapter 1: Personal Financial Planning

Personal Finance Chapter 1: Personal Financial Planning
Day 2 Evolution of Decision-Making.  Tversky and Kahneman, 1974  Heuristics – general rules of thumb, or habits  Generally result in decent estimates.

Day 2 Evolution of Decision-Making.  Tversky and Kahneman, 1974  Heuristics – general rules of thumb, or habits  Generally result in decent estimates.
1 Intuitive Irrationality: Reasons for Unreason. 2 Epistemology Branch of philosophy focused on how people acquire knowledge about the world Descriptive.

1 Intuitive Irrationality: Reasons for Unreason. 2 Epistemology Branch of philosophy focused on how people acquire knowledge about the world Descriptive.
Behavioral Finance Ahmed Elshahat October 27 th 2006 CPE.

Behavioral Finance Ahmed Elshahat October 27 th 2006 CPE.
Judgment and Decisions. Judgment: “how likely is that …?” Decision-Making (Choice): ‘should you take a coupon for $200 or $100 in cash, given that …”

Judgment and Decisions. Judgment: “how likely is that …?” Decision-Making (Choice): ‘should you take a coupon for $200 or $100 in cash, given that …”
Risk Thomas Lumley Department of Statistics University of Auckland.

Risk Thomas Lumley Department of Statistics University of Auckland.
Misconceptions and Fallacies Concerning Probability Assessments.

Misconceptions and Fallacies Concerning Probability Assessments.
1 st lecture Probabilities and Prospect Theory. Probabilities In a text over 10 standard novel-pages, how many 7-letter words are of the form: 1._ _ _.

1 st lecture Probabilities and Prospect Theory. Probabilities In a text over 10 standard novel-pages, how many 7-letter words are of the form: 1._ _ _.
Fallacies in Probability Judgment Yuval Shahar M.D., Ph.D. Judgment and Decision Making in Information Systems.

Fallacies in Probability Judgment Yuval Shahar M.D., Ph.D. Judgment and Decision Making in Information Systems.
Thinking, Deciding and Problem Solving

Thinking, Deciding and Problem Solving
Reasoning What is the difference between deductive and inductive reasoning? What are heuristics, and how do we use them? How do we reason about categories?

Reasoning What is the difference between deductive and inductive reasoning? What are heuristics, and how do we use them? How do we reason about categories?
Judgment in Managerial Decision Making 8e Chapter 3 Common Biases

Judgment in Managerial Decision Making 8e Chapter 3 Common Biases
Running Experiments with Amazon Mechanical-Turk Gabriele Paolacci, Jesse Chandler, Jesse Chandler Judgment and Decision Making, Vol. 5, No. 5, August 2010.

Running Experiments with Amazon Mechanical-Turk Gabriele Paolacci, Jesse Chandler, Jesse Chandler Judgment and Decision Making, Vol. 5, No. 5, August 2010.
Do we always make the best possible decisions?

Do we always make the best possible decisions?
The Psychology of Security ….a work in progress Bruce Schneier DIMACS Workshop on Information Security Economics Rutgers University 18 January 2007.

The Psychology of Security ….a work in progress Bruce Schneier DIMACS Workshop on Information Security Economics Rutgers University 18 January 2007.
General Analytical Model of Decision Making

General Analytical Model of Decision Making
Decision Making. Test Yourself: Decision Making and the Availability Heuristic 1) Which is a more likely cause of death in the United States: being killed.

Decision Making. Test Yourself: Decision Making and the Availability Heuristic 1) Which is a more likely cause of death in the United States: being killed.
Perception and Individual Decision-Making

Perception and Individual Decision-Making
Today’s Topic Do you believe in free will? Why or why not?

Today’s Topic Do you believe in free will? Why or why not?
HRM 601 Organizational Behavior Session 9 Decision Making In Organizations.

HRM 601 Organizational Behavior Session 9 Decision Making In Organizations.

Similar presentations

Ads by Google