Ethical Frameworks in Organizations for Cybersecurity
Master thesis
Permanent lenke
https://hdl.handle.net/11250/3019793Utgivelsesdato
2022Metadata
Vis full innførselSamlinger
Sammendrag
Cybersecurity is of critical ethical significance, because cybersecurity technologies have animportant impact on human well-being as they make possible many contemporary decisions,which affects the human organizations that rely on the accessibility and integrity of data andcomputer systems. In cybersecurity it is important to have ethical principles and guidelineswhich are effective. The reason for this is that cybersecurity has a critical impact on ethics,since cybersecurity technologies have an important impact on human well-being as well asethical trade-offs and complex moral issues, such as whether to pay hackers or not. There area lot of ethical issues raised by cybersecurity such as what type of sensitive data to keep andwhat to remove, paying ransomware or testing and deceiving the employees through socialengineered testing. Therefore it is important to choose an ethical framework that helps solvethose issues. In this master thesis the researchers try to address what type of frameworks areused for cybersecurity and which framework should different Norwegian organizationschoose to implement for their organization. The thesis will also use interviews to achieve andfind out what ethics organizations use, by using a list of questions through semi-structuredinterviews, which are based on our research questions, and what was discovered in theexisting literature. Furthermore, the researchers examine the different ethical theories that theframeworks are based on and what the differences are in those theories. The research outcomewill help to choose what type of framework the organizations should choose when it comes totheir ethical issues, dilemmas and values. The three main frameworks that were examined arethe principlist framework, human-rights/right-based framework andConsequentialist/Utilitarianism Framework. The study uses a qualitative exploratory researchapproach, with semi-structured interviews to gather data from several organizations withincybersecurity in Norway. The results are analyzed and compared to existing research, toachieve a theoretical understanding of the result. The study identifies what type of ethicalframeworks exist and uses different characteristics on how to compare ethics, ethicalguidelines and values to the ethical frameworks. In this research work the researchers focusedon examining different types of organizations and businesses operating in Norway by lookingat what ethical frameworks organizations use and how ethical frameworks, guidelines andstandards are used in Norwegian organizations in the context of cybersecurity. Main outcomeof this study shows that none of the organizations uses a specific ethical framework, but theethics of the organizations can be compared to two of the different types of ethicalframeworks for cybersecurity. These two are the principlist framework and thehuman-rights/rights-based framework and some of the organizations use a combination ofboth of them. This research work contributes to raising awareness on the lack of knowledgeand interest around ethical frameworks used for cybersecurity in Norwegian organizations.Furthermore, the outcomes of this exploratory study provided an overview on how differentsectors work with ethics when it comes to cybersecurity. The work presented in this thesisprovides insights to Norwegian organizations on existing ethical framework in cybersecurity;these insights can help guide strategic planning on organizational level, policy making andguidelines, which will help maintain their overall security and improve decision making.