Bruce Schneier just posted a really good explanation about "the difference between feeling and reality in security". It is one of those articles I wish I'd written. Not because there is a great new nugget of insight in it but because it explains some very basic problems in thinking about security so very well.
The gist of the article is that, as people living in modern environments, we can have a hard time accurately estimating realistic trade-offs between risk and reward. When the world closely resembled the one we developed in as a species, we were better at it. Our brains were supported by millions of years of evolution in correctly estimating the risk versus the reward of certain actions. There's food here and a lion: should I stay or run? The specimens who made bad trade-off calls died of hunger or lions. The ones making good calls had many babies.
The risk versus reward trade-off estimations have become a lot more complex in a high-tech, globalised world. How much should we spend on keeping ourselves safe from terrorism versus, say, tripping on our wet bathroom floors? The fact that other parties have a political or financial interest in making it harder for us to make good choices in these matters complicates things even further. As with many things, critical thinking and good information are key to making better decisions. And don't worry, today those do not necessarily lead to many babies.
More of Bruce Schneier's thinking can be found on his blog and in his 2003 book 'Beyond Fear', which can be read about here, read online in its entirety here, and bought in dead-tree form here. I highly recommend it to anyone who needs to think about security issues, not just information security.