Cybersecurity is an applied science. That is, people in the field often apply known facts and scientific discoveries to create useful applications, often in the form of technology. The principles of science can be applied to the study of cybersecurity through a social science framework. The science principles include relativism, objectivity, parsimony, empiricism, skepticism, ethical neutrality, and determinism.

Relativism refers to all things that are related. The technological changes will reflect in behavioral dynamics, economic decisions, policy-making, and social processes. Also, those changes will lead to changes in the cybersecurity field.

Objectivity means the way that scientists study topics in a value-free manner.  It is critical that those studying cybersecurity from a social science perspective be objective in doing their research. 

Parsimony refers that scientists should keep their levels of explanation as simple as possible.

Empiricism means that social scientists can only study behavior that is real to the senses (e.g., we can touch, see, taste, hear, or smell it). In the cybersecurity field, we can’t, and shouldn’t, rely on opinions or hunches to frame our understanding of cybercrime and cybersecurity.  Doing so would potentially lead to erroneous conclusions that would have little value.

Ethical neutrality refers to the fact that scientists must adhere to ethical standards when they conduct their research.  Studying cybercrime through a social science lens creates numerous opportunities for exploring ethical issues.

The concept of determinism means that behavior is caused, determined, or influenced by preceding events.