This is cache of http://www.veracode.com/blog/?p=74. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Overcoming Bias: The Affect Heuristic
2008-01-03 21:32:58 by Chris Wysopal in Zero in a bit
 

This article on the affect heuristic was posted to the Security Metrics mailing list (highly recommended). I think it is important for people who are reporting on the potential risks of a system to understand this psychological phenomenon. It shouldn’t be dismissed as simply people are irrational and don’t understand statistics.

People believe that benefit and risk are intertwined. They think a highly beneficial thing is also a less risky thing even though you can have low risk and high risk things, both with great benefits. People also don’t know how to calculate risk in percentages. Absolute numbers seem to resonate. Security professionals may be rational about security measurement and risk but we need to remember that we are often communicating this to people who aren’t.

 
Tags: simply people, low risk, people, risk, affect heuristic, highly beneficial, highly, security measurement, security metrics
 
 
 
 
 
TOP SEARCH
Expand / MinimizeClose Widget
  •  
RECENT SEARCH
Expand / Minimize
  •  
RELATED VIDEO
Expand / Minimize
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia