Hello World,

Whilst starting my trek through the Old Dominion Cyber Security courses, an overarching idea was proposed, that being “cybersecurity is an interdisciplinary field”. The fields that cybersecurity pulls from are numerous and diverse, gathering from specialties like computer science and programming, to seemingly stranger sectors like manufacturing and law. One area in particular has outsized applicability to cybersecurity, that being the social sciences. There are a multitude of social science principles that can be applied to cybersecurity, those being objectivity, parsimony, empiricism, ethical neutrality, and determinism. This entry should briefly elaborate on the connection between these social science principles and cybersecurity.

The principle of objectivity, in my opinion, connects to almost every field. As cybersecurity professionals, decisions for security, device management, and framework policies should be taken in an objective manner, without bias or opinion. Objectivity in cybersecurity allows the best practices and policies to ‘rise’ to the top, with harmful or unnecessary actions being cast aside. Parsimony means to simplify. (Hopefully, I properly used parsimony there!) In all seriousness, parsimony is essential in the cybersecurity field to ease understanding of complex cyber subjects. For example, “I want an MDM policy to include a playbook to protect against SPIM, PUPs, RATS, as well as a COPE or BYOD model.” To most in a boardroom or organization, this makes zero sense. Rather, saying “I want us to decide if we want our employees to bring their own phones or if we purchase phones for them. We also need a plan to protect against malware.” streamlines communication and is more understandable. Empiricism as a principle means we must have empirical research. Empirical research in turn comes from well-documented, grounded studies without bias or hunches. Cybersecurity requires empirical research to best document threats, vulnerabilities, and security threats. System Information and Event Managers, or (SIEMS), rely on empirical data to better parse through traffic and locate threats for firewalls to deal with. A lack of Empiricism could result in threats flying under the radar, or legitimate traffic being blocked. (Personally, this is worse, inconvenience is worse than death!!!) Ethical neutrality ties in neatly with empiricism. Not only must cyber security analysts, cryptologists, and auditors adhere to tangible data, but they must obtain it in legitimate ways. For example, ethical hackers while conducting penetration tests or security audits follow strict guidelines to ensure the integrity of systems do not alter or destroy data. Failure to follow such procedures could result in information alteration or deletion. Lastly, determinism proposes that there is a “butterfly effect” for an individual’s actions, more specifically, previous actions influence future ones. In cybersecurity, many actions/incidents are caused by preceding events. Misconfigurations and human error can result in openings for malicious entities to exploit.