Cybersecurity Policy Analyst and the incorporation of Social Sciences
Introduction
The world is becoming more digital than ever before, and the need for cybersecurity is more vital than ever. Data leaks and breaches are occurring at an increasingly rapid rate, and we need to ensure that we are protecting our data. Cybersecurity Policy Analyst (CPA) is a career path that implements, reviews and research policies to ensure data is protected. CPAs rely heavily on social sciences as it needs to understand human dynamics and behavior to create cybersecurity policies that serve society equally, including marginalized groups. This essay will dive deeper into what a CPA does and how it incorporates social sciences into their careers.
What Does a Cybersecurity Policy Analyst Do?
A CPA is a type of cybersecurity role that oversees incorporating cybersecurity policies to mitigate risks. “Cybersecurity policy should guide firms towards implementing the most effective security controls and procedures” (Golder & Graham, 2024). Essentially, they create and suggest policies that companies or society should implement to prevent cyberattacks by researching and understanding what the most
effective policies would be, especially by studying human behaviors. Humans are the biggest risk factor in cyberattacks, as we are “both the greatest asset and the most significant vulnerability: the human factor. While technological advancements continue to fortify digital defenses, human behavior remains a pivotal element in determining the success or failure of cybersecurity measures. (“The human factor in cybersecurity,” 2024). CPAs need to research the social sciences understand the human factor to create the most effective strategies. Understanding social sciences allows CPAs to understand how humans interact with and behave toward technology. This understanding can be applied by CPAs on both sides of the coin. Cyber threats are evolving every day, and for CPAs, understanding the thought process behind human behavior allows for effective policies to be created. For example, in the case of cyberattacks like hacking, understanding what motivates attackers, whether it be money, notoriety, or the challenge will allow analysts to anticipate attacks and design policies most effective against them. On the flip side, understanding how human behavior responds to cybersecurity policies allows CPAs to create policies that are not only user-friendly but also effective. The challenges and opposition to cybersecurity are often tied to human nature, such as risk perception and social norms. CPAs will need to incorporate this knowledge by creating policies that are easy to adopt, user-friendly, and socially accepted.
Marginalized Groups
The broader impact of cybersecurity policies needs to be considered by CPAs. One of these impacts on society is the effect policies have on marginalized groups. For example, individuals who lack access to the internet, cybersecurity training, and other digital technologies may be more susceptible to exploitation through cyberattacks. CPAs need to consider all aspects of societal groups and incorporate policies that not only consider all parts of the community but also ensure there is no inequality or disadvantage for marginalized groups. Social factors such as status or wealth should not prevent anyone from accessing proper cybersecurity protocols. Other aspects to consider include data tracking or surveillance that might target marginalized groups. James Karanja a High Court Member from Kenya, talks about data collection in this article in the United Nation about how “the lack of data, disaggregated by race or ethnic origin, as well as by gender, age, and other factors, hides the disproportionate impact of certain laws, policies, and practices on racial or ethnic groups in all areas of life, from housing and education to employment, health, and the criminal justice system.” (Office of the United Nations High Commissioner for Human Rights, 2022) Data collection practices may be used to infringe on privacy rights and create discrimination. CPAs need to incorporate human rights and ethics to ensure policies that protect individual rights while maintaining the highest standards of cybersecurity.
Conclusion
In conclusion, Cybersecurity Policy Analyst need to incorporate social sciences to get a better understanding of human behavior to incorporate the most effective cybersecurity policies for society. These policies should be inclusive for all members of society and ensure equity, useability and acceptance. As humans’ integration with technology continues to evolve, Cybersecurity policies need to evolve with it to remain a key component.
References:
Golder, S., & Graham, H. (2024). Social media engagement in health and climate change: An exploratory analysis of Twitter. Environmental Research Health, 2(1),1–15. https://doi.org/10.1080/23738871.2024.2335461
Office of the United Nations High Commissioner for Human Rights. (2022, February). Better data collection bolsters human rights for marginalized people. https://www.ohchr.org/en/stories/2022/02/better-data-collection-bolsters-human-rights-marginalised-people
The human factor in cybersecurity. (2024, February 16). SecurityScorecard. https://securityscorecard.com/blog/the-human-factor-in-cybersecurity/