From Erik's IT-Security notes

Have you read a good book lately? Was it about security? Good! Here are some more!

The Science of fear – Why we fear the things we shouldn’t -- and put ourselves in greater danger

ISBN: 978-0-525-95062-2 (Hard copy)

Author: Daniel Gardner

Release year: 2008

Number of pages: 329

Score: 80/100

I’m a regular reader of Bruce Schneier’s excellent security newsletter and I’ve also read some of his books. About 6 months ago he recommended the book "The Science of fear – Why we fear the things we shouldn’t -- and put ourselves in greater danger" by Daniel Gardner (ISBN: 978-0-525-95062-2) in his newsletter. I’ve read it, and here’s a short review.

First off, it is not a very technical book. It instead focuses on human psychology and how we act on risks and handle fear. And the score card is in: we’re not doing it very well. I personally reflect on the idea of "mind over matter". The idea is that we can put reason in the driver’s seat and relegate emotion to be the noisy "back seat driver", who always thinks he knows how to drive better than the real driver. But I don’t think we can. It’s just a misconception. Gardner calls emotion “gut” throughout the book and clearly establishes gut as the driver. If you think that’s wrong, try to do algebra while suffocating. Or better: don’t. Really, don’t! Gut is the primary driver and reason can only step in as the "second opinion". This means you don’t have to give in to fear every time, but you can only stop it after it sets in.

The book swiftly kills the old theory of the “rational human being” and instead explains that gut is good at keeping us alive in threatening situations. It also establishes how gut cannot handle fear and anxiety if they are abstract. How do you handle a guy with a knife? Run? Fight? Gut has the answer! How do you handle the fear of swine flu? It’s not that you know when it will strike or how it will affect you. The answer is: gut cannot present a clear assessment of the danger. You feel anxiety as a result.

Daniel Gardner refers to a number of rules that explain human behavior when it comes to thoughts about risks and threats. The “example rule” states that we react more strongly to something we saw, experienced or read about recently. The “anchor rule” shows how we use recently heard numbers when we try to estimate risks. If you say there are 50 000 criminals out on the street, most people will say "that’s too much". Instead of discarding the unverified numbers, they lower them. We say something like "More like 5000 criminals, I think" when we criticize the numbers presented to us. Politicians know this! Be careful when they give you big numbers with no sources available.

Then there’s the "good – bad" rule. It states that we underestimate the risks of things we like. Gun violence is easy to fear too much, whereas the risk of getting skin cancer due to excessive exposure to the sun is something we often play down. Sunning is fun and good for you (in limited doses).

There are many other rules explained and myths debunked in a book overflowing with common sense and historical anecdotes. I warmly recommend it to anyone interested in psychology or who understands just how neglected the science of fear is in the IT-security business. Rating? 4 out of 5 Amygdalas.

Bonus thought: "Reason and emotion" was a Disney-made war time propaganda feature that tried to establish the "Mind over Matter" idea. Where do you think they got it wrong?
http://www.youtube.com/watch?v=nvp3zAPraF4

Security Engineering 2nd Edition

ISBN: 978-0-470-06852-6

Author: Ross Anderson

Release year: 2008

Number of pages: 1040

Score: xxx/100

Review: Coming soon.