Abstract
This paper considers which types of evidence guide cybersecurity decisions. We argue that the “InfoSec belongs to the quants” paradigm will not be realised despite its normative appeal. In terms of progress to date, we find few empirical results that can guide risk mitigation decisions. We suggest the knowledge base about quantitative cybersecurity is continually eroded by increasing complexity, technological flux, and strategic adversaries. Given these secular forces will not abate any time soon, we argue that legal reasoning will increasingly influence cybersecurity decisions relative to technical and quantitative reasoning. The law as a system of social control bristles with ambiguity and so legal mechanisms exist to resolve uncertainties over time. Actors with greater claims to authority over this knowledge base, predominantly lawyers, will accrue decision making power within organisations. We speculate about the downstream impacts of lawyers inheriting cybersecurity, and also sketch the limits of the paradigm’s explanatory power.
Original language | English |
---|---|
Title of host publication | New Security Paradigms Workshop |
Place of Publication | New York, NY, USA |
Publisher | Association for Computing Machinery, Inc |
Pages | 1–12 |
ISBN (Print) | 9781450385732 |
Publication status | Published - 27 Dec 2021 |
Event | New Security Paradigms Workshop 2021 (Virtual Conference); Duration: 26 Oct 2021 → 28 Oct 2021; https://www.nspw.org/2021 |
Publication series
Name | NSPW '21 |
---|---|
Publisher | Association for Computing Machinery |
Conference
Conference | New Security Paradigms Workshop 2021 |
---|---|
Abbreviated title | NSPW 2021 |
Period | 26/10/21 → 28/10/21 |
Keywords
- risk management
- cybersecurity policy
- philosophy of security
- technology policy
- lawyers
- quantitative cybersecurity