Towards a Security Science through a Specific Theory and Methodology

This research discusses the adequacy of the present body of knowledge of security in business and industry. It offers a set of concepts and a methodology by which the existing approaches can be organised into a scientific discipline and upon which further research can be based. Three main reasons are submitted for undertaking this task. First, academic approaches to the study of security are scarce and disagree on basic security concepts. Second, operational approaches originate from a multitude of actors responding to specific problems. Hence, security activities tend to be contingency-focused and to lack vision. Third, security is widely interpreted as an all-embracing topic covering all negative aspects of life. Thus, the attribution of responsibility and blame is subjective, where interest and emotion may prevail over rationality and justice. All these limitations raise problems of theorisation, explanation and justification. These can be addressed only by scientific methodology. This is the starting point of the research. The research examines the evolution of security concepts and outlines the general and operational features of security in business and industry. The main problem areas (definition and methodology) are identified and related to the principles and methods of science. The scientific reliability of the present security reasoning is examined against a framework of scientific methodology. It is found wanting. A new approach is offered conforming to the principles of scientific methodology, in order to establish general principles applicable to all security situations, and to facilitate further study. It starts with a definition of security, identifies the components of a security context and analyses its processes. It reviews the impact of management and decision-making processes upon security decisions, and offers a general methodology. It examines whether a model can be induced through which to interpret, and reasonably explain, the majority of cases in security management. A model is offered, on whose basis a security problem can be addressed, and which can be used for verification and further studies. Thus, the research seeks to contribute to the foundation of a science of security.