Fallacies of IT Security

In academia as much as in industry and government, the application of mathematics to derive meaning is often equated with something being scientific. This means that there is a tendency to blindly translate qualitative observations into numerical – and measurable – values. Such quantitative approaches are, however, far from always relevant, nor do they always produce meaningful insights. In some cases, these abstractions are empty, wrong and misleading and may, as a result, pose significant risks to the correctness of the findings.

Information security is not exempt from this critique. There is an abundance of examples within the field which rely on mathematical abstractions to reduce or, indeed, redefine qualitative meanings to fit pre-defined quantitative scales, which are then algebraically manipulated without rigorous justification, thereby also failing to acknowledge the subtly distinct discoveries and insights found in qualitative interpretations. Moreover, information security research tends to favour quantitative over qualitative approaches to studying social phenomena, which in the process are often redefined as psychological phenomena, stripping them of context and their social dimensions. This is evident in, for example, usable security research, which has traditionally focused on individuals' perceptions, cognition and behaviours in order to test and model them. Finally, the mantra "humans are the weakest link" remains popular among practitioners and academics, revealing a worrying role reversal: IT systems are not conceptualised in service of those who depend on them; instead, people are integrated into these systems and surveilled to enforce compliance, while the systems' failures are blamed on the people.

This research area focuses on criticising these approaches by drawing out their inherent fallacies, studying alternative methods and pointing to the shaky social scientific grounding of some established practices in information security.
