The foundation of the natural and social sciences is built on seven principles: Relativism, Objectivity, Parsimony, Empiricism, Ethical Neutrality, and Determination.

The principle of Relativism is the concept that all things are related. Regarding cybersecurity, an example of Relativism is understanding that technological advancements will influence changes to the economy, policy-making, societal norms, and social processes.

The Principle of Objectivity refers to making decisions based on evidence and best practices rather than personal feelings or external pressures. In cybersecurity, you must be able to study or research a topic without focusing on your opinion but instead on the facts and evidence.

The principle of Parsimony simplifies an explanation or process. While Parsimony is easier to apply to the natural sciences, it becomes a little more challenging to apply it to cybersecurity since many processes can’t be simplified.

The Principle of Empiricism is the practice of making observations of behaviors that are real to the senses (what we can Touch, See, Taste, Hear, and Smell). Empiricism applies to cybersecurity because social scientists believe that knowledge should be gained through Empirical research and not based on opinions to practice our disciplines.

The practice of Ethical Neutrality refers to the fact that scientists must adhere to ethical standards when they conduct their research. Ethical Neutrality comes into play when protecting the rights of individuals under observation. With cybersecurity, this practice comes into play when companies gather information on their consumers. They must determine what information is ethically moral to keep and distribute and which is too sensitive to collect.

The Principle of Determinism refers to the concept that behavior is caused, determined, or influenced by preceding events. Within cybersecurity, this concept can be applied to computers, which are deterministic by design. Because of this, if there are any infrastructure flaws or security weaknesses, one can assume that hackers will eventually hack the system.