rational-astrologies-and-security

John Kelsey and I composed a brief article for the Rossfest Festschrift: “Rational Astrologies and Security”:

There exists another non-security manner in which designers can allocate their security budget: toward simplifying their own tasks. A number of these fall into what has been referred to as rational astrology. First recognized by Randy Steve Waldman [Wal12], the concept pertains to something individuals perceive as functional, typically for social or organizational reasons, even in the absence of substantial proof that it actually works—and occasionally despite robust evidence to the contrary.

[…]

Both security theater and rational astrologies may appear illogical, yet they are logical from the viewpoint of those making decisions regarding security. Security theater is frequently influenced by information asymmetry: individuals lacking an understanding of security can find comfort in superficial or psychological measures, and at times that reassurance holds significance. This can be elucidated more clearly by contemplating the various non-security objectives of a security system. A tracking bracelet system linking new mothers and their infants may represent security theater, given the extraordinarily rare occurrences of abductions from hospitals. Nevertheless, it is justifiable as a security measure intended to alleviate the anxieties of new mothers [Sch07].

Rational astrologies in the domain of security arise from two factors. The initial is the principal-agent dilemma: The motivations of the individual or entity making the security determination are not invariably in harmony with the motivations of the system’s users. The welfare of the users may not carry as much weight in the developer’s considerations as the challenge of persuading their supervisor to take a risk by bypassing an obsolete security regulation or experimenting with some new technology.

The second factor that can give rise to a rational astrology is when there is a societal or institutional demand for a resolution to an issue for which there is, in fact, no particularly effective solution. The organization is compelled to assure regulators, clients, or perhaps even a judge and jury that “they did everything possible” to prevent a particular issue—even if “everything possible” wasn’t very extensive.
