What does it mean that I’m looking at information security from a social science perspective? Well, according to good old Merriam-Webster, social science focuses on the functioning of human society and interpersonal relationships. More importantly, it is a science using rigorous, methodical examinations of questions and phenomena. In saying that I’m taking a social science approach, or bringing a social science perspective, to issues of information security, I’m saying that these issues need to be examined in terms of how they are social phenomena, how interactions between people influence these issues, generally bring in the human side of these issues. This most commonly comes from the application of theories from social sciences like psychology and communication to these issues but also comes through how I answer new questions on my own.
In graduate school I focused heavily on method, on learning how to conduct rigorous research. I use qualitative methods which include interviews, focus groups, textual analysis, etc. to answer my research questions. I do have some experience with questionnaire design but have little to no experience with experimental design. I know how to read experimental studies, of course, but I can’t design and run a study myself. My work in this area so far has been in the form of textual and discourse analysis. I’ve been looking at news articles, public statements, and lawsuits for commonalities.
Photo 1: not my kind of science; Photo 2: a better representation of my work
These first posts were meant as an introduction to me, my field, and how I work. Next post is going to be a case study. I’ve already written a full-length research paper about this case (hopefully to be published soon) but I’ll give an overview of my findings about the case and what I think it means for information security communication.