Career paper

Keeno Montalban

11/3/2024

CYSE 201S

Career Paper

Why do Security Analysts rely on social science research and principles?

Introduction

            A Security Analyst plays an important role in the world of cybersecurity, it’s responsible for monitoring networks, analyzing all security threats, and integrating protective measures to protect data and systems. Although it might appear that their work looks purely technical, it depends on insights from social sciences, such as psychology and sociology, which provides a vital understanding of human behavior, attacker motifs, and the societal impacts of new security measures. This document will showcase how social science principles are essential to the Security Analyst role, specifically in addressing the societal implications of cybersecurity and protecting marginalized groups.

Understanding the aspects Human Behavior

            The main aspect of social science is the concept of understanding human behavior, which is pertains to cyberthreats and attacker motifs. Security analysts apply insights from psychology and sociology to help identify and respond to patterns within user and attacker behavior. For example, phishing attacks that exploit psychological tendencies such urgency or trust (Carley et al., 2021)​​.  Social engineering attacks manipulate human vulnerabilities through cognitive biases and emotional triggers. Wang et al (2021) describes how attacks exploit these principles such as trust-building, authority and urgency to deceive these individuals. For example, attackers would pose as trustworthy figures, leveraging social norms like mutualism and helpfulness to obtain sensitive information through breaches in security policies. These insights undermines the importance of understanding psychological principles to counter such tactics. (Wang, Zhu, & Sun, 2021)

Cybersecurity within a Societal Context

            Cyber threats do not happen within isolation but rather are influenced by much a broader, social, cultural, and economic factors. By providing social science research to Security Analysts along with the ability to perceive threats, recognizing the motivations behind attacks can vary since it is based on cultural and geographic backgrounds. By understanding these concepts, it enables Security Analysts to anticipate and adapt to the diverse cyber risks. For example, attacks in a much more economically “lower” region may focus on financial fraud, while state-sponsored groups might take aim to undermine political stability (Brey, 2007). By recognizing these distinctions, it may help analysts to develop tailored strategies to isolate these risks.

Cyber Threats and Social Justic for Marginalized Groups
            Social principles help guide Security Analysts ethically, in navigating the societal impacts of cybersecurity. Brey (2007) puts an emphasis on the moral responsibilities of information security professionals, especially when it comes to ensuring that cybersecurity measures do not harm marginalized groups. For example, surveillance and data monitoring could negatively impact privacy rights, especially for the communities with limited access to any legal recourse or technological literacy. Analysts that are informed by these frameworks can vouch for equitable policies and practices

Conclusion

            The role of Security Analysts in cybersecurity expands way beyond technical tasks; it requires a solid foundation in social science principles to understand human behavior, recognizing these societal implication of cybersecurity measures, and ensuring ethical practices that account for all user groups. As cyberthreats evolve, interdisciplinary knowledge, specifically integrating social science, will remain important to developing effective and inclusive problem-solving skills.

Sources:

Wang, Z., Zhu, H., & Sun, L. (2021). Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities, and attack methods. IEEE Access, 9, 11895–11908.

Carley, K. M., Cervone, G., Agarwal, N., & Liu, H. (2021). Social Cyber-Security: An emerging scientific discipline.

Brey, P. (2007). Ethical aspects of information security and privacy. In Security, Privacy, and Trust in Modern Data Management (pp. 21-36).