PreParanoia: Simon Foley
Simon Foley is a professor in the Department of Information Security and Communication Technology at the Norwegian University of Science and Technology. He is also associated with NTNU's Center for Cyber and Information Security, with support from the Norwegian National Security Authority.
Socio-technical constructionism in cyber security
Security is often characterised as an ongoing process of identifying and assessing threats, selecting countermeasures and checking their efficacy. In this framing of security as "what" and "how", it is easy to overlook "why". Why does this software component have repeated security vulnerabilities? Why is this VPN misconfigured? Why are threat information sharing procedures not always followed? Or simply, why is my system secure?
The user/developer often plays a central role in these questions, and to explore them we turn to qualitative research methods from the social sciences. These methods can help us to ask why, and are useful in identifying unknown knowns: those practices in our socio-technical system, both human and technical, good and bad, that we don't know we know about. Insights gained from asking why will be illustrated via some use-cases.