Ethical principles shaping values-based cybersecurity decision-making

Joseph Fenech, Deborah Richards*, Paul Formosa

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)
293 Downloads (Pure)

Abstract

The human factor in information systems is a large vulnerability when implementing cybersecurity, and many approaches, including technical and policy driven solutions, seek to mitigate this vulnerability. Decisions to apply technical or policy solutions must consider how an individual's values and moral stance influence their responses to these implementations. Our research aims to evaluate how individuals prioritise different ethical principles when making cybersecurity sensitive decisions and how much perceived choice they have when doing so. Further, we sought to use participants’ responses to cybersecurity scenarios to create profiles that describe their values and individual factors including personality. Participants (n = 193) in our study responded to five different ethically sensitive cybersecurity scenarios in random order, selecting their action in that scenario and rating and ranking of the ethical principles (i.e., Beneficence, Non-Maleficence, Justice, Autonomy, Explicability) behind that action. Using participants’ demographics, personality, values, and cyber hygiene practices, we created profiles using machine learning to predict participants’ choices and the principle of most importance to them across scenarios. Further, we found that, generalising, for our participants Autonomy was the most important ethical principle in our scenarios, followed by Justice. Our study also suggests that participants felt they had some agency in their decision making and they were able to weigh up different ethical principles.

Original languageEnglish
Article number103795
Pages (from-to)1-17
Number of pages17
JournalComputers and Security
Volume140
DOIs
Publication statusPublished - May 2024

Bibliographical note

Copyright the Author(s) 2024. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.

Keywords

  • Cybersecurity sensitive decision-making
  • Ethical principles
  • Ethics training
  • Human agency
  • Profiling

Fingerprint

Dive into the research topics of 'Ethical principles shaping values-based cybersecurity decision-making'. Together they form a unique fingerprint.

Cite this