Psychology Based Attacks and Behavioral Economics

Appreciating the Concept of Security Engineering
In the book ‘Security Engineering,' Ross Anderson does an in-depth look at the various systems that are needed to deal with either malicious behavior, mishaps or erroneous behavior. It is a field that cuts across and utilizes the expertise of other subjects such as economics, cryptography, and psychology to ensure that a well-rounded result is achieved. It is imperative to note that while the definitions of a system differ from organization to organization, the implications they have on security engineering is quite significant. In the first chapter, the author discusses four examples of environments that use security engineering; they include a home, hospitals, banks and military bases. Thus, the very processes that go towards maintaining privacy and a sense of confidentiality for people need to be up to date and adapting to the technological times to deal efficiently with any threat that may arise.
In a home setting, one of the systems used is an electronic banking system to either pay bills or monitor the status of the accounts owned by the occupants. These accounts often need encryptions to prevent theft and maintain security through determining the identity of the user. Additionally, cars often have electronic immobilizers, which send a signal to the car to authenticate its owner before it can genuinely start (Anderson, 2013). There are various technologies used to generate and maintain the fidelity of that signal and ultimately, it ensures that car thefts are kept to a minimum. Alternatively, mobile phones have become harder to clone because of the cryptography set in place by security engineers, leading to fewer bills in buying new mobile gadgets. Finally, satellite television often depends on pre-paid signal boxes which decipher the titles of the home owner’s favorite movie or show. When all these factors are combined, they offer the effect of safety and security, which under the right advice and assurance, achieves the true meaning of security engineering.
However, criminals have grown better in thinking, adapting methodologies such as phishing to gain access to people’s funds. Mostly, this is a step into the field of psychology since the offenders have to trick unknowing users to input their bank account passwords to a fake page, which allows them access to the user’s real account (Anderson, 2013). Whereas training a worker against falling for such gimmicks, addressing the common man on efficient scale is a challenge. Sometimes, there is a false sense of trust in each other which lulls the thought of theft; a vice shunned in the Bible (Exodus 22:22, The New King James Version). Whereas some may think of systems as simple machines, Ross Anderson insists that they have to include the user (human error). Thus, security engineering and the various systems that go toward ensuring safety have to adapt to such socially engineering attacks by sensitizing bank user against clicking broken links.
Regarding flow and organization, the book, in comparison to other editions, is simply one of the most comprehensible and easy to read literary works that discuss such as a complex topic. The author engages his audience through well-detailed examples that take a systematic approach in analyzing the various security systems that are in place around the world. The use of real-life examples also helps in condensing the topic and making it not only familiar to the audience but understandable as well. Due to Anderson’s grasp of the topic, there is never a dull moment in the book, but instead, a series of informative and information-intense sub-topics that cover the entirety of the security-engineering field. For instance, he dedicates the completely second chapter in assessing the impact of psychology in modern-day security protocols and authentication procedures.
Most of the data presented in the article are sub-divided into clear sub-topics, keeping the reader hooked without pushing them away due to extensive paragraphs. Initially published in 2001, the book has been re-mastered and re-designed for a new audience in its second edition, a fact that looks into new technologies as they develop. Moreover, the relevance of the topic discussed is seen in every faction of life, making it a must-read. In today’s society, a security engineer has to assess the amount of risk available before advising their client on the measures they should take with their security (Schneier, 2012). In the book, these steps and guidelines are listed, showing how much the material is factual and its ties to the field at large. Its execution is relatively perfect without any visible shortcomings or limitations regarding the writing.
For people who are interested security engineering, this book is the best at providing the necessary information without piling on any jargon. Its results and analysis speak for itself, exhibiting evidence of the genius that is Ross Anderson. It is a recommended read for everyone interested in maintaining his or her privacy in the modern technological world. In conclusion, many of the sentiments expressed in this book aim at minimizing confusion and helping to anyone who wish to understand the field of security engineering. Its organization and arrangement show mastery of the field and an innate desire for articulation. In summation, these elements contribute to one of the most brilliant books of the century about relevant security measures.


References
Anderson, R. (2013). Security engineering (second ed., pp. 3-624). Hoboken, N.J.: Wiley.
Schneier, B. (2012). The Importance of Security Engineering. IEEE Security & Privacy, 10(5), 88-88. http://dx.doi.org/10.1109/msp.2012.132