
Schneier on Security: Fear and Overreaction - billpg
http://www.schneier.com/blog/archives/2009/11/fear_and_overre.html
======
tptacek
This is an analysis of risk that ignores cost.

    
    
      (P=0.000001 * $10,000) !=
      (P=0.000001 * "Death")
    

It also, predictably, ignores a key externality: if you stay in your hotel
room and there's actually a serious fire, there's a decent chance you'll kill
a firefighter or two as well.

------
splat
His anecdote at the end reminds me of the fire alarms at my college dorm. My
freshman year the dorms had been renovated and the new fire alarms had been
set to be far too sensitive. For the first three weeks after we moved in the
fire alarms went off at least once every two days. It got to the point that
they started being called the "everything's okay alarms" and people would just
ignore them as best they could when they went off. Thanks to those fire
alarms, our emergency plan for a real fire in the dorms was to have someone
run through all the hallways shouting "There's actually a fire this time!!!"
Sometimes overly secure systems are worse than no security at all.

