Information Security Analyst and Social Science

            Information Security Analysts protect an organization’s network against cyber threats and attacks. Information security Analysts is an important career within cybersecurity that is deeply intertwined connection with social science principles and research. Social Science research is important to an Information Security Analyst. Social science research including human behavior, ethics, and laws and policies all play a major role. An information security analyst must understand why an individual does what they do. Having a complex understanding of human behavior can assist an analyst in attempting to uncover an issue or motive to help defend a system. “Social cybersecurity is distinct from cybersecurity. Cybersecurity is focused on machines, and how computers and databases can be compromised. In contrast, social cybersecurity is focused on humans and how these humans can be compromised, converted, and relegated to the unimportant. Where cybersecurity experts are expected to understand the technology, computer science, and engineering; social cybersecurity experts are expected to understand social communication and community building, statistics, social networks, and machine learning (Carley, 2020).” Cybersecurity isn’t only about machines and Information Security Analysts must also understand an individual’s behavior and why they are breaching a system. Ethics is an important principle in Cybersecurity. Knowing and performing ethical work upholds the integrity of the position. Performing unethical actions such as accessing individuals’ private information or leaking data can make the public lose trust in Cybersecurity. Knowing what is and isn’t ethical is a keystone of an Information Security Analyst. Researching new and existing laws and policies is important for an Analyst. The laws and policies allow what an Information Security Analyst can perform on the job and what types of work they can perform. Laws and policies are also set for the defensive actions a company can take and how they can prevent unauthorized access to networks and systems. The research methods allow for an Analyst to perform honest and effective work by understanding how individuals work and why they attack while maintaining the integrity of the position. Information Security Analysts use social science principles such as psychology and the scientific method. Psychology is important for anyone within the cybersecurity field. Understanding an individual and how and why they think can help protect against attacks. Knowing what type of attack and understanding where the attack is coming from is an important aspect of the job. Psychology is useful as it studies human behavior and cultural impact. Individuals’ behavior and their culture integrate within the position. An information security analyst will perform differently depending on the culture of the individual. Understanding why a motive of an individual can assist in understanding to defend data or financial information for an analyst. “In social cybersecurity, theories and methods go hand-in-hand. Hence associated with the BEND theory is a methodology for empirically assessing which maneuvers are being used and for measuring the impact of social media communication research, planning, and objectives (Beskow and Carley 2019). The BEND framework thus has associated with it a set of methods and tools for looking at who engaged in what information maneuvers directed at whom with what impact (Carley, 2020).” As an Analyst understanding that research and methods are related will assist an individual in performing and defending a network. Using the scientific method is a valuable method that analysts use to protect a network. Using the scientific method analyst will observe the problem, ask a question about the action or defense, experiment on the correct defense and identification methods, analyze the data, and draw a conclusion as to whether the experiment was successful. The scientific method is effective in allowing an analyst to break down an issue and defend a network. The social science principles of psychology and the scientific method are effective in allowing an Information Security Analyst to perform their day to day duties in defending against cyber threats and attacks.

            Information Security Analysts have to be familiar with criminology, social engineering, risk and behavior, field studies, and cybercrime. Criminology is the study of crime and criminals focusing on characteristics, causes, and remedies. This is an important concept for an Information Security Analyst. They need to understand the characteristics and capabilities of an attacker and how to stop them. Criminology is integrated within the career field as a key task. Criminology assists with the overall position and is used daily to identify and solve attacks and breaches of networks. Social engineering is an individual that seeks information to steal information. It is concluded of four stages including information gathering, relationship development, relationship development, and execution. Information security analysts must defend against social engineering. An analyst must defend a network against breaches and attacks, which social engineering uses as a threat to the networks. They must also educate individuals against giving out information that allows threats to occur. An analyst must understand modern social engineering methods, understand their tactics, respond to attacks, and assist in upholding new policies to prevent social engineering. “Social engineering is widely considered to be one of the most significant contemporary threats to information security (Steinmetz, Pimentel & Goe, 2019).” Social engineering is a threat that Information Security Analysts must understand and defend against. The individuals who use social engineering are influenced by their cultures. “Drawing from the work of Mikhail Bakhtin (1981), we argue that the concept of “social engineering” is part of a linguistic heteroglossia that reveals the subcultural values and ideologies of its practitioners which are underpinned by a computational or mechanistic worldview (Steinmetz, Pimentel & Goe, 2019).” It is important for an analyst to use social science concepts to identify the crimes of different cultures. Risk and behavior is a concept that an analyst must be familiar with. Individuals’ behavior can increase the risk of a breach or attack. While working for an organization, the employees risk or unknowingly leaking data or information photos can leak to breaches. Information security analysts must actively work to mitigate risks. They must inform and train employees of organizations and minimize unnecessary risk that occurs. They must identify the behavior that leaves networks open to breaches and help prevent future risks that may occur. Risk and behavior is an important concept that all Information security analysts must perform daily. Risk and behavior are closely tied to criminology methods. Field studies are a necessary concept used by analysts. The three field studies used by analyst are traditional, cyberspace, and honeypot field studies. Information security analysts use traditional field studies to go to events that showcase modern hacker events. Traditional field studies allow analysts to keep up to date against modern attack methods. Cyberspace field studies assist analysts by messaging attackers directly to understand cyber behaviors. This is important for analysts to understand why and how attacks occur to defend against them. Honeypot field studies are important as it allows for Information security analyst to create a space where they can observe how trespassers interact. This is valuable knowledge and experience for an analyst and is useful in protecting networks. Cybercrime is the most important concept that an information security analyst must be familiar with. The career only exists due to cybercrime and it is the main mission of the position. Analysts must actively defend against all types of cybercrimes. Cybercrime is what influences all security methods and an analyst must keep up to date with modern technologies and methods to identify and solve threats to the networks they defend. Information security analysts must be familiar with the concepts of criminology, social engineering, risk and behavior, field studies, and cybercrime. These concepts are keystones of an analyst’s job duties and have to be familiar with them as they are used daily for an analyst to perform their duties effectively.

            Information security analysts relate to marginalized groups and society. Information security analysts relate to protecting sensitive information, online education, and protecting against misinformation. Analysts protect the sensitive information of all individuals. This allows the public to have the trust of cybersecurity professionals and allows individuals to have their information secure. Analysts assist in data privacy and maintaining online privacy rights which relates to everyone in society that has personal information stored on the internet. Analysts perform online education including cyber awareness. Cyber awareness assists marginalized groups such as seniors who are increasingly targeted by scams and misinformation. Increasing awareness gives an opportunity for individuals in society to remain secure and safe. “The rallying cry of “fake news” as tauted by former President Donald Trump was an influential factor in his 2016 electoral victory. It is well-documented, however, how misinformation was actually a tool in galvanizing the former president’s base: the misinformation used by his campaign was not only successful in getting him elected to office but it also showed to be powerful in fueling negative rhetoric toward political opponents, marginalized groups and even encouraged acts of violence (Dwoskin and Timberg, Reference Dwoskin and Timberg2021; West, Reference West2021).” Misinformation is an evolving threat that analysts must detect and prevent. Misinformation is being used in everyday life including elections, leaving our society open to false information that can lead to violence. Information security analysts are in a key position in protecting and defending the individuals of our society against attacks and misinformation.

            Information security analyst use social science principles in their daily routines to protect and defend networks. They use social science principles and research to efficiently perform their job duties and defend all individuals of out society against threats that they aren’t aware of. An information security analyst is an extremely important position within society that works in the shadows to keep the integrity of our data and privacy safe.

References

            Abrajano, M., Lajevardi, N., & Uribe, L. (2024, January 15). Context, contact, and misinformation about socially marginalized groups in the United States: Journal of Race, ethnicity, and politics. Cambridge Core. https://www.cambridge.org/core/journals/journal-of-race-ethnicity-and-politics/article/context-contact-and-misinformation-about-socially-marginalized-groups-in-the-united-states/E3EBAFE2A5517EAF06E7F8B42678B0BB

             Carley, K. M. (2020, November 16). Social Cybersecurity: An emerging science – computational and mathematical organization theory. SpringerLink. https://link.springer.com/article/10.1007/s10588-020-09322-9

             Steinmetz, K. F., Pimentel, A., & Goe, W. R. (2019a, September 16). Decrypting Social Engineering: An analysis of conceptual ambiguity – critical criminology. SpringerLink. https://link.springer.com/article/10.1007/s10612-019-09461-9