Explain how the principles of science relate to cybersecurity.
Relativism
In some way or another, every industry works with valuable and sensitive data on the internet. This makes this data vulnerable to hackers. Thus, they all must rely on the same cybersecurity principles to protect their data. Since nearly every industry relies on cybersecurity, everything is related to each other by the fact that they all have data that needs to be protected by the work of cybersecurity professionals.
Objectivity
Cybersecurity professionals must act objectively when doing research. The goal of research is to simply gain knowledge, not share an opinion. One barrier they must overcome is to avoid making value judgements, which is a judgement of whether something is good or bad, because such judgements may influence them to make false conclusions. Instead of being driven by facts, value judgements are driven by feelings. Feelings do not change whether something is true or false. Only the client who hires the professional is able to make such judgements. They determine what needs the most protection and what doesn’t. The professional only can determine what is the best way to enforce those protections.
Parsimony
This principle is the most important for the sharing of domain knowledge. In order to inform others of the latest cybersecurity knowledge, cybersecurity professionals must explain the concepts as simple as possible to each other. Without this, the field of cybersecurity may never advance, since advancements are only possible if everyone understands the concepts behind it so that they can collaborate to create something new. After all, it is a race against time with hackers and if such advancements in knowledge are inaccessible to the researchers behind particular systems, then those hackers may be able to take advantage of those systems before the new knowledge is understood and applied.
Empiricism
Empiricism is the principle is that true knowledge can only be verified by one’s senses. Cybersecurity professionals must make decisions based on empirical knowledge since sensitive data and potentially lots of money are at risk. By doing the opposite – making decisions based on assumptions or guesses – these blindspots in knowledge are left open for hackers to take advantage of. This principle leads professionals to ask themselves whether or not their protections are actually effective or not, and to measure their effectiveness in order to verify their practices are objectively safe.
Skepticism
An important principle in cybersecurity is to always remain skeptical toward all knowledge. For if there is one important skill that a hacker relies on, its manipulation. Manipulation can only be countered with skepticism. For instance, hackers rely on scams to trick people into inadvertently exposing their sensitive data. The target or professional must be skeptical towards the contents of the scam before taking action. This ensures that the user takes an action that won’t activate the hacker’s trap, and instead they may recognize it as a scam.
Ethical Neutrality
This principle is important for getting cybersecurity professionals to be mindful of and reduce harm when conducting their work, while still being objective of course. Ethical neutrality is what separates cybersecurity professionals from hackers. Such professionals have an obligation to protect the rights of individuals by protecting their data. Hackers, on the other hand, act without ethical neutrality when they steal data, since they violate the code of ethics that the professionals follow.
Determinism
Determinism states that all events are the product of prior events. Cybersecurity professionals use this principle in order to create models that allow them to predict future threats. There are many different types of attacks hackers use, and they also depend upon the context in which they are used. Using this principle, professionals must pay attention to warning signs of these attacks in order to be able to anticipate them. For instance, if the potential victim is a political organization, then the hackers might have an ideological issue with the organization. Possibly, they are just trying to send a message. Thus, the professional must enforce extra protections on the live broadcasting systems.