Define each of the principles of science in your own words. Then, give an example
of how each of the principles relates to cybersecurity.
Relativism
The principle of relativism in philosophy says that truth or moral values are not definitive. It all
depends on the context, culture, or perspective. In relation to cybersecurity this means that
policies, risk decisions, ethical standards, and legal expectations depend on the company.
Different organizations have different risk tolerances and threat models so there is no
one-size-fits-all way to implement cybersecurity. For example, a hospital and a tech startup
won’t treat the same security threat equally because they have different priorities, budgets, and
regulations.
Objectivity
Objectivity is the idea that truth or judgement should be based on facts, evidence, and logic and
not someone’s personal feelings, opinions, or biases. This relates to cybersecurity in a variety of
ways, including policy creation: policies should be based on measurable risk, not just what feels
important.
Parsimony
Parsimony, also known as Occam’s Razor, means being simple and economical by using the
fewest assumptions or resources needed to explain or solve something effectively. In
cybersecurity, when a problem comes up, it often has a simple explanation or solution, so starting
with the simple explanation rather than assuming a more complex cause is preferred and is often the right answer.
Skepticism
Skepticism means having a questioning attitude and not taking anything at face
value. This is an important trait to possess when it comes to cybersecurity because
hackers/scammers prey on the trusting nature of people to get them to reveal sensitive
information about themselves through phishing or other means.
Ethical Neutrality
Ethical neutrality as it relates to cybersecurity means approaching threats, users, and global
laws objectively and without moral bias. One’s personal feelings are put to the side in order to
observe and understand something as it is. In cybersecurity this can mean taking a neutral
approach to studying the methods and motivations of hackers without instantly condemning
them.
Determinism
Determinism is the belief that every action, decision or event is the result of a chain of prior
causes. This relates to cybersecurity by explaining how attacks, behaviors, and system failures
are not random but follow predictable patterns based on prior conditions. For example, a system has a
vulnerability (cause), which a hacker finds and exploits (effect), and that vulnerability exists because of a misconfiguration,
weak password, or an unpatched system (prior cause).