Abstract
Humans are reportedly exploited as the main attack vector for security breaches. In order to minimize the susceptibility of humans to security at-tacks, it is not sufficient for individuals to just be aware, but they need to change their behavior as well. Such behavior change, that is, the modification of user behavior, can occur via targeted interventions, which are gradually being introduced in cyber security. In this paper, we identify and categorize the main approaches used to change user behavior and portray the main limitations of these approaches. Other fields, like health sciences, psychology and economics, have been traditionally more mature in ethics-related considerations. We suggest that although individual behavior change is increasingly being embraced by security practitioners and professionals, ethical aspects of the accompanied interventions are by large neglected in the field. We explore the ethical traditions of utilitarian, deontological and virtue ethics and their relations with security. We posit that ethical frameworks are needed for cyber behavior change interventions as a means to enhance security hygiene on both an individual and an organizational level.
| Original language | English |
|---|---|
| Publication status | Published - 4 Jul 2023 |
| Event | Cyber Science: Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC) - Aalborg University Copenhagen, Copenhagen, Denmark Duration: 3 Jul 2023 → 4 Jul 2023 https://c-mric.org/cyberscience2023_accepted_papers/ |
Conference
| Conference | Cyber Science |
|---|---|
| Country/Territory | Denmark |
| City | Copenhagen |
| Period | 3/07/23 → 4/07/23 |
| Internet address |
Keywords
- cyber security
- behavior change
- behavioral interventions
- ethics