Prompt: Explain how the principles of science relate to cybersecurity.

The six scientific principles discussed in module 2 of this course are as follows: relativism, objectivity, parsimony, empiricism, ethical neutrality, and determinism. Each of these six principles can be used to impact cybersecurity meaningfully. For instance, there are several ways that relativism can be used to analyze cybersecurity. Because of how widespread information systems have become, they are intertwined with many aspects of society, such as education, economies, healthcare, criminal justice, and politics. As a result, a change in the infrastructure underlying and supporting these social systems or a cyberattack on them could cause significant harm to society.

Objectivity relates to cybersecurity in how secure solutions are developed and implemented. A cybersecurity analyst or network architect must rely on hard data and real solutions outcomes to decide which ideas work best for securing their information systems. If cybersecurity professionals lack objectivity in their decision-making, they may make less secure implementations by choosing ideas they are partial to for inconsequential reasons, such as liking an idea simply because they came up with it. This could prevent a person from choosing an implementation proven to work best in a given situation. 

Parsimony is the scientific principle that a scientist should strive to make their explanations as understandable as possible while accurately relaying their findings. This can be related to cybersecurity in a social context, given that human error causes more than 80% of cybersecurity breaches (Ackerman, 2023). Many of these breaches might been prevented if cybersecurity professionals considered parsimony and created easy-to-understand solutions and explanations that even technical laypersons could understand. If everyday people can understand the importance of cybersecurity and how their actions can negatively impact it, they might be more willing to take cybersecurity seriously. 

Empiricism is the concept that a scientist should only study what can be observed with the senses. By doing so, scientists can come to conclusions that accurately describe how the world functions instead of creating ideas that do not reflect reality (Bhattacherjee, 2012). Empiricism can be helpful to cybersecurity researchers because they can use it to observe real-world scenarios and how people interact with information systems. Using the information gathered from empirical studies, the researchers can tailor cybersecurity recommendations to real people’s reactions. As a result, these recommendations would be more likely to be effective than those based solely on hypothetical scenarios. 

Ensuring ethical neutrality is also essential when researching cybersecurity issues. When studying the behaviors and habits of subjects, treating them ethically would enable researchers to learn from the subjects while respecting them and not violating their rights as research subjects. If researchers do not uphold ethical neutrality, they may skew the data they collect or make it so that subjects would no longer be willing to participate in studies. As a result, the information needed to make effective decisions in cybersecurity would not be available. 

Finally, determinism can also be applied to cybersecurity similarly to parsimony. If a person does not have prior experience or education in proper cybersecurity etiquette, they likely make poor decisions online because they are unaware of the potential consequences. Additionally, if a person has security software, such as Norton or Microsoft Defender, on their personal computer and only browses websites that are well-known and generally safe, they may not have experienced any cyberattacks. Because of this lack of awareness of the true dangers of the internet, a person may assume that they are safe on the internet without needing to take cybersecurity precautions consciously. In other words, a person’s mostly safe past experience with information systems may lead them to disregard security policies while using an employer’s equipment.

References

Ackerman, R. (2023, August 2). Just why are so many cyber breaches due to human error?. Security Today. https://securitytoday.com/articles/2022/07/30/just-why-are-so-many-cyber-breaches-due-to-human-error.aspx

Bhattacherjee, A. (2012). Social Science Research: Principles, Methods, and Practices. Anol Bhattacherjee.