Abstract: | Bruce Schneier examines prospect theory and how it applies to computer security. The solution is not to sell security directly, but to include it as part of a more general product or service. Vendors need to build security into the products and services that customers actually want. Security is inherently about avoiding a negative, so you can never ignore the cognitive bias embedded so deeply in the human brain. But if you understand it, you have a better chance of overcoming it. |