dc.description.abstract | Cybersecurity is of critical ethical significance, because cybersecurity technologies have an
important impact on human well-being as they make possible many contemporary decisions,
which affects the human organizations that rely on the accessibility and integrity of data and
computer systems. In cybersecurity it is important to have ethical principles and guidelines
which are effective. The reason for this is that cybersecurity has a critical impact on ethics,
since cybersecurity technologies have an important impact on human well-being as well as
ethical trade-offs and complex moral issues, such as whether to pay hackers or not. There are
a lot of ethical issues raised by cybersecurity such as what type of sensitive data to keep and
what to remove, paying ransomware or testing and deceiving the employees through social
engineered testing. Therefore it is important to choose an ethical framework that helps solve
those issues. In this master thesis the researchers try to address what type of frameworks are
used for cybersecurity and which framework should different Norwegian organizations
choose to implement for their organization. The thesis will also use interviews to achieve and
find out what ethics organizations use, by using a list of questions through semi-structured
interviews, which are based on our research questions, and what was discovered in the
existing literature. Furthermore, the researchers examine the different ethical theories that the
frameworks are based on and what the differences are in those theories. The research outcome
will help to choose what type of framework the organizations should choose when it comes to
their ethical issues, dilemmas and values. The three main frameworks that were examined are
the principlist framework, human-rights/right-based framework and
Consequentialist/Utilitarianism Framework. The study uses a qualitative exploratory research
approach, with semi-structured interviews to gather data from several organizations within
cybersecurity in Norway. The results are analyzed and compared to existing research, to
achieve a theoretical understanding of the result. The study identifies what type of ethical
frameworks exist and uses different characteristics on how to compare ethics, ethical
guidelines and values to the ethical frameworks. In this research work the researchers focused
on examining different types of organizations and businesses operating in Norway by looking
at what ethical frameworks organizations use and how ethical frameworks, guidelines and
standards are used in Norwegian organizations in the context of cybersecurity. Main outcome
of this study shows that none of the organizations uses a specific ethical framework, but the
ethics of the organizations can be compared to two of the different types of ethical
frameworks for cybersecurity. These two are the principlist framework and the
human-rights/rights-based framework and some of the organizations use a combination of
both of them. This research work contributes to raising awareness on the lack of knowledge
and interest around ethical frameworks used for cybersecurity in Norwegian organizations.
Furthermore, the outcomes of this exploratory study provided an overview on how different
sectors work with ethics when it comes to cybersecurity. The work presented in this thesis
provides insights to Norwegian organizations on existing ethical framework in cybersecurity;
these insights can help guide strategic planning on organizational level, policy making and
guidelines, which will help maintain their overall security and improve decision making. | |