Rational Astrologies and Security
Together with John Kelsey, I crafted a brief document for the Rossfest Festschrift: “Rational Astrologies and Security”:
There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these practices fall under the umbrella of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there is little evidence that it works, and sometimes despite substantial evidence that it does not.
[…]
Both security theater and rational astrologies may appear irrational, but from the perspective of the people making the security decisions they are rational. Security theater is often driven by information asymmetry: people who are not well versed in security can be reassured by superficial or psychological measures, and sometimes that reassurance is itself important. Understanding the multiple non-security roles of a security system helps explain this. For instance, a monitoring bracelet system that pairs new mothers with their infants could be considered security theater, given how rare infant abductions from hospitals actually are. Nonetheless, it is a security system designed to allay the concerns of new mothers [Sch07].
Rational astrologies in security arise from two factors. The first is the principal-agent problem: the incentives of the person or organization making the security decision do not always align with those of the system’s users. The user’s welfare may weigh less heavily on the developer than the difficulty of convincing their boss to take a risk by ignoring an outdated security rule or trying some new technology.
The second factor that gives rise to a rational astrology is a social or institutional need for a solution to a problem for which there is no particularly effective solution. The organization must reassure regulators, customers, or even a judge and jury that they “did everything possible” to prevent the problem, even if what was done was not very effective.