The scientific method is 7 steps. They are:
- Ask a question
- Perform research
- Establish your hypothesis
- Test your hypothesis by conducting an experiment
- Make an observation
- Analyze the results and draw a conclusion
- Present the findings
These same steps can be applied to cybersecurity. The question being asked is “is this site/device secure?” The research would be to pen test and use a variety of other methods to see if it can be hacked. Your hypothesis would be a security patch or firewall that would prevent whatever method you discovered of getting into the system. Testing your hypothesis would tell you whether or not your security works. The observation would be of the data’s integrity. You would look at the results so that you could see how effective your security is and if a similar problem could arise elsewhere. You would then present your findings to a higher up to either receive funding or get the go ahead on new policies.