Pro­fes­sor of Secu­rity Engi­neer­ing at the Com­puter Lab­o­ra­tory, Uni­ver­sity of Cam­bridge, Ross Ander­son, has com­piled a com­pre­hen­sive resource page on the psy­chol­ogy of risk and secu­rity. The resources them­selves are divided into seven sec­tion, to wit:

  • Intro­duc­tory Papers
  • Decep­tion
  • Secu­rity and Usability
  • Social Atti­tudes to Risk
  • Behav­ioural Eco­nom­ics of Security
  • Mis­cel­la­neous Papers
  • Other (Con­fer­ences, Websites/Blogs, Books)

From the introduction:

A fas­ci­nat­ing dia­logue is devel­op­ing between psy­chol­o­gists and secu­rity engi­neers. At the macro scale, soci­etal over­re­ac­tions to ter­ror­ism are founded on the mis­per­cep­tion of risk and uncer­tainty, which has deep psy­cho­log­i­cal roots. At the micro scale, more and more crimes involve decep­tion. […] Secu­rity is both a feel­ing and a real­ity, and they’re dif­fer­ent. The gap gets ever wider, and ever more important.

At a deeper level, the psy­chol­ogy of secu­rity touches on fun­da­men­tal sci­en­tific and philo­soph­i­cal prob­lems. The ‘Machi­avel­lian Brain’ hypoth­e­sis states that we evolved high intel­li­gence not to make bet­ter tools, but to use other mon­keys bet­ter as tools: pri­mates who were bet­ter at decep­tion, or at detect­ing decep­tion in oth­ers, left more descen­dants. Con­flict is also deeply tied up with social psy­chol­ogy and anthro­pol­ogy, while evo­lu­tion­ary expla­na­tions for the human reli­gious impulse involve both trust and conflict.

via Schneier