Anthony Thompson
Professor Diwakar Yalpi
CYSE201S
November 29th 2023
Career Paper
Cybersecurity is a burgeoning field that is expected to play a major role in society over the coming decade. As advancements in technology accelerate, so does the need to protect the systems that rely on them. While some may view the field as strictly a technical discipline, requiring only an expert command of computer systems and networks, this is far from the case. Cybersecurity is much more than the technology that it centers around. Experts must apply concepts and knowledge from a wide range of disciplines that broadly span the social sciences.
Here, I’ll examine some of the areas of research that cybersecurity draws upon and show the critical nature of social science research within the industry.
Research Methodology
The first concept that cybersecurity experts can apply is an understanding of research itself. Drawing on scientific research requires the ability to navigate journals and analyze them from an educated position. One must first understand the core concepts underlying the scientific method and research methodology, and be familiar with operational definitions. While gaining this understanding may not deliver any insights specific to cybersecurity, it provides the knowledge base required to engage with concepts that do. Once an adequate familiarity with research concepts has been established, social science disciplines can be applied by a cyber professional.
Psychological Theories
An area that one might not readily associate with cybersecurity is psychology. However distant this field may seem from protecting computer networks, concepts and research from psychology play a vital role in understanding and mitigating cybercrime. A theory is “a system of constructs (concepts) and propositions (relationships between those constructs) that collectively presents a logical, systematic, and coherent explanation of a phenomenon of interest within some assumptions and boundary conditions” (Bacharach 1989).
Many theories are borrowed from psychology to characterize, profile, and understand cyber offenders and their behavior. These include but are not limited to cognitive, behavioral, psychodynamic and personality theories. Each of these has its own methodology and approach to understanding human behavior through a psychological lens. Cognitive theories, for example, focus on the way that people think and process information.
A specific cognitive theory, called Neutralization theory, examines the way individuals rationalize criminal behavior despite an inherent understanding of right and wrong. These criminals justify their actions by denying culpability, attributing blame to victims, appealing to the greater good, etc. Cybersecurity, as an industry, relies on research in this area to profile cybercriminals and understand their motives and behavior.
Behavioral and Social Learning Theory are two interrelated psychological theories that can be used to explain the actions of cyber criminals. These theories place emphasis on environmental input, stating that one learns from their surroundings. Children from underprivileged backgrounds are more likely to experience maladaptive, dysfunctional behavior in their environment. These theories help explain how at-risk children have a higher risk of learning these behaviors, predisposing them to criminal behavior. These insights can help us understand the underlying factors driving cyber-criminality, as well as the risks associated with marginalized communities.
Human Factors
This is an area of social science research that explores how humans interact with systems and environments. Gaining this understanding can optimize these interactions and improve their function. This concept is extremely important with respect to cybersecurity. NIST (National Institute of Standards and Technology) estimates that last year, about 35 percent of cybersecurity data breaches were attributable to human error. This illustrates the importance of understanding the role humans play in cybersecurity infrastructure and systems. Without addressing this human element, the task of protecting systems from cyberattack becomes nearly impossible. Researchers in this area have created strategies and templates for understanding the impact of human error and ways to address it within an institution. Cybersecurity professionals apply these concepts in their efforts to secure systems. Training staff in cybersecurity best practices and how to spot suspicious behavior can be a crucial difference maker in mitigating a costly breach.
Criminology
Criminology is a well-established field within the social sciences. This discipline studies crime and criminal behavior using an interdisciplinary approach. These concepts are used by cybersecurity professionals at various levels, including experts who help craft legislation.
One concept within criminology, Deterrence Theory, assesses the impact of consequences on criminal behavior. Deterrence is usually measured by certainty, severity, and celerity, and criminologists assess how the threat of punishment can deter criminals from offending. According to research, serious and swift consequences can prevent potential crime from happening as criminals weigh the risks of their actions. These same principles can be applied within a cybersecurity framework. Cybersecurity experts work with lawmakers to craft legislation around cyber-offending. Effective legal infrastructure signals a high cost to potential criminal behavior, thereby deterring crime.
Another way that criminology concepts can be applied to cybersecurity is trend analysis. Technology is dynamic and rapidly evolving. So, too, are the methods of exploiting it. To adequately meet the cybersecurity needs of an institution or society at large, experts must spot trends in cybercrime. Analyzing data and case studies can help cyber professionals stay up to date on attack trends and prepare for them as necessary. This doesn’t just include the technical methodology of attackers, but also the changing nature of popular targets.
Conclusion
The concepts discussed here are by no means an exhaustive list. To fully address the impact that the social sciences have on cybersecurity would take a much longer paper. This stresses the importance of recognizing that cybersecurity is truly an interdisciplinary endeavor that requires knowledge from a wide range of areas. Having this comprehensive understanding helps one view each aspect of their job in context, as part of a larger system of ideas and concepts. With the bigger picture in view, a purposeful and informed approach to each professional task can occur. Overall, this allows for a better understanding of what is required of the profession. Professionals who address the macro environment directly apply concepts from research while forming policies for institutions and advising on legislation. This is a different way of drawing on social science research but equally important. The social sciences will continue to play a vital role in professions within cybersecurity.
References
Bacharach, S. B. (1989). “Organizational Theories: Some Criteria for Evaluation,” Academy of Management Review (14:4), 496-515.
Cybersecurity – the human factor – NIST computer security resource center. (n.d.). https://csrc.nist.gov/CSRC/media/Events/FISSEA-30th-Annual-Conference/documents/FISSEA2017_Witkowski_Benczik_Jarrin_Walker_Materials_Final.pdf
Deterrence theory in criminology | definition & effectiveness. (n.d.-b). https://study.com/academy/lesson/deterrence-in-criminology-definition-theory.html
Pelz, P. B. (n.d.). Research methods for the Social Sciences. Chapter 4 Theories in Scientific Research | Research Methods for the Social Sciences. https://courses.lumenlearning.com/suny-hccc-research-methods/chapter/chapter-4-theories-in-scientific-research/