[Air-l] metaphors for internet security
Allan A Friedman
allan at merlin.sccs.swarthmore.edu
Tue Jun 3 12:14:43 PDT 2003
From: jeremy hunsinger <jhuns at vt.edu>
>the problem with the body metaphor is that it is quite hard to seize
>total control of someone's body and mind... but it isn't that hard to
>take control of a computer, even without any virus, etc.
True, but I really liked the body metaphor, especially from the threat
model perspective and looking at how people behave. I would venture that
people approach computer security risks more from a hygiene perspective:
* Many people have a vague idea of how [security flaws/illnesses] happen
* There is a lot of misinformation, made manifest through behavior that an
expert would consider irrational.
* It's correlated to a degree of trust: we won't get infected by people
we're close to
* There are plenty of media scares that lead to
  * Over-estimation of rare risks (credit card theft, getting AIDS by using
    a public restroom), and an under-estimation of the damage from common
    behavior (not washing hands, opening an unexpected attachment)
* The overall system has proven to be very resilient, but it's very easy
to conceive of catastrophes.
...and we can even prescribe secure behavior in terms of hygiene:
* Don't download or open files that you don't know to be clean
* Use professional [security/medical] services every so often
* Keep informed from _reliable_ news sites
/\llan
Allan Friedman
Pre-Doctoral Candidate, Public Policy
Kennedy School of Government, Harvard University