Second SHB Workshop Liveblogging (1)

I’m at SHB09, the Second Interdisciplinary Workshop on Security and Human Behavior, at MIT. This is a two-day gathering of computer security researchers, psychologists, behavioral economists, sociologists, philosophers, and others—all of whom are studying the human side of security—organized by Ross Anderson, Alessandro Acquisti, and myself.

Here’s the schedule. Last year’s link will give you a good idea what the event is about—be sure to read Ross’s summaries of the individual talks in the comments of his blog entry—and I’ll be posting talk summaries in subsequent posts this year, hopefully as the event progresses.

EDITED TO ADD (6/14): My liveblogging of the eight sessions: 1, 2, 3, 4, 5, 6, 7, 8. Ross Anderson’s liveblogging is in the first eight comments of this blog post. Adam Shostack’s liveblogging: 1, 2, 3, 4, 5, 6, 7, 8. Matt Blaze recorded audio.

EDITED TO ADD (6/28): Attendee John Adams comments on the workshop.

Tags: psychology of security, Schneier news, security conferences

Posted on June 11, 2009 at 6:46 AM • 7 Comments

Comments

John • June 11, 2009 7:16 AM

“the human side of security ”

I’ve heard about them humans and think they should be banned as they seem to cause all the security problems.

Remember folks – attack the symptom not the problem 🙂

HJohn • June 11, 2009 8:45 AM

I’ve written a few articles about the human aspect, and I’ve incorporated human considerations into much of my work. It’s amazing to me how otherwise intelligent decision-makers have a blind spot when it comes to technology. They disregard the human tendencies of self-preservation, and the options they provide to users backfire because the incentive points to the opposite of what they would want the users to do.

mrwiggly • June 11, 2009 1:50 PM

Heh, crashing a security conference, oh the irony!

Pat Cahalan • June 11, 2009 2:54 PM

Even if you’re in the area, please don’t try to crash.

(cough, cough). Now, see, this is Bruce sneakily testing his new hypothesis that one can counter social engineering attacks with preemptive social engineering defenses.

Anonymous • June 12, 2009 5:28 AM

Only “Liveblogging”? Not Twitter?
You are soooo WEB 1.99999, Bruce!

Limnologist • June 12, 2009 9:11 AM

The inclusion of paper links is fantastic, I have some reading material for the weekend! Thanks so much for posting the links!

bethan • June 14, 2009 10:38 PM

now i have to log off, because i don’t have time to read all of this without failing my certification tests this week.

read a lot of the workshop posts/blogs from last year – really worth the time, and an awesome resource – just not right now!