This paper examines the social in information security. We argue that there is always a social aspect in technical information security attacks. By using Erving Goffman’s sociological concept of “frame”, we analyse the social in different illustrative contexts, in which technical attacks are compared with social engineering attacks. Through examining the concept of normality, we found that social engineering attacks and technical attacks can resemble each other. In both attack forms, the intruders can hide their actions in the flow of normality. Thus, we question the fertility of information security’s bifurcation into the two separate branches (technical/social). Instead of thinking the technical as separated and free of the social, we argue that the social is present everywhere in the field of security, including the technical side as well. All security is social in the first place.