Behavior change approaches for cyber security and the need for ethics

Research output: Chapter in Book/Report/Conference proceedingConference contribution

146 Downloads (Pure)

Abstract

Humans are reportedly exploited as the main attack vector for security breaches. In order to minimize the susceptibility of humans to security at-tacks, it is not sufficient for individuals to just be aware, but they need to change their behavior as well. Such behavior change, that is, the modification of user behavior, can occur via targeted interventions, which are gradually being introduced in cyber security. In this paper, we identify and categorize the main approaches used to change user behavior and portray the main limitations of these approaches. Other fields, like health sciences, psychology and economics, have been traditionally more mature in ethics-related considerations. We suggest that although individual behavior change is increasingly being embraced by security practitioners and professionals, ethical aspects of the accompanied interventions are by large neglected in the field. We explore the ethical traditions of utilitarian, deontological and virtue ethics and their relations with security. We posit that ethical frameworks are needed for cyber behavior change interventions as a means to enhance security hygiene on both an individual and an organizational level.
Original languageEnglish
Title of host publicationProceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media
Place of PublicationSingapore
PublisherSpringer
Pages107-129
ISBN (Electronic)978-981-99-6974-6
ISBN (Print)978-981-99-6973-9
DOIs
Publication statusPublished - 18 Feb 2024
EventCyber Science: Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC) - Aalborg University Copenhagen, Copenhagen, Denmark
Duration: 3 Jul 20234 Jul 2023
https://c-mric.org/cyberscience2023_accepted_papers/

Publication series

NameSpringer Proceedings in Complexity
PublisherSpringer
ISSN (Print)2213-8684
ISSN (Electronic)2213-8692

Conference

ConferenceCyber Science
Country/TerritoryDenmark
CityCopenhagen
Period3/07/234/07/23
Internet address

Keywords

  • cyber security
  • behavior change
  • behavioral interventions
  • ethics

Cite this