I recently read Daniel Gilbert's Stumbling on Happiness (I blog briefly about it here), which got me thinking about the tricks the brain plays on us and how those tricks might apply to security. Interestingly, not long after that Dr. Bruce Schneier posted a paper titled The Psychology of Security, which he presented at the 2007 RSA Conference. Reading through his paper, I found a considerable amount of overlap with Gilbert's book, which was interesting in itself. More interesting, however, were the insights I gained into how we as infosec practitioners might better present security concepts to consumers and customers, so that they welcome what we offer rather than resist security improvements.
Following are my notes from reading Schneier's paper, plus some additional follow-up.