The aim of information security research, it seems to me, is to understand, and thereby directly or indirectly improve security. There are five main objectives of security research:
1) To improve security in an organisational context;
2) To improve security at a particular point, or component, of technology;
3) To quantify, assess or manage security;
4) To integrate security into an otherwise insecure system, process or architecture;
5) To break security.