Cybersecurity behavior change: A conceptualization of ethical principles for behavioral interventions

Journal: Computers & Security (IF 4.8; Zone 2, Computer Science; JCR Q1, COMPUTER SCIENCE, INFORMATION SYSTEMS)
DOI: 10.1016/j.cose.2024.104025
Publication date: 2024-08-14
Publication type: Journal Article
URL: https://www.sciencedirect.com/science/article/pii/S0167404824003304
Citations: 0

Abstract

The importance of changing behaviors is gradually being acknowledged in cybersecurity, and the reason is the realization that a notable portion of security incidents have a human-related component. Thus, enhancing behaviors at the individual level can bring a significant reduction in security breaches overall. Behavior change refers to any modification of human behavior through some type of intervention. Interventions from behavioral economics and psychology are being increasingly introduced in the field; however, the ethics surrounding such interventions are largely neglected. In this paper, we raise the ethical issues associated with behavioral intervention approaches. We draw on the traditionally more mature field of biomedical ethics and propose six clusters of ethical principles suitable for cybersecurity behavior change. We conducted a survey (N = 141) to identify individuals’ perceptions of the proposed ethical principles and validate their perceived usefulness. We analyze an existing intervention in the light of our six-principle conceptualization to showcase how it can be used as a practical apparatus. Our set of ethical principles is aimed at cybersecurity professionals, policy makers, and behavioral intervention designers, and can serve as a starting point for best-practice development in cybersecurity behavior change ethics.

Source journal: Computers & Security (Engineering & Technology - Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published: 365
Review time: 10.7 months
About the journal: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.