Abstract
Humans are reportedly exploited as the main attack vector for security breaches. In order to minimize the susceptibility of humans to security at-tacks, it is not sufficient for individuals to just be aware, but they need to change their behavior as well. Such behavior change, that is, the modification of user behavior, can occur via targeted interventions, which are gradually being introduced in cyber security. In this paper, we identify and categorize the main approaches used to change user behavior and portray the main limitations of these approaches. Other fields, like health sciences, psychology and economics, have been traditionally more mature in ethics-related considerations. We suggest that although individual behavior change is increasingly being embraced by security practitioners and professionals, ethical aspects of the accompanied interventions are by large neglected in the field. We explore the ethical traditions of utilitarian, deontological and virtue ethics and their relations with security. We posit that ethical frameworks are needed for cyber behavior change interventions as a means to enhance security hygiene on both an individual and an organizational level.
Original language | English |
---|---|
Title of host publication | Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media |
Place of Publication | Singapore |
Publisher | Springer |
Pages | 107-129 |
ISBN (Electronic) | 978-981-99-6974-6 |
ISBN (Print) | 978-981-99-6973-9 |
DOIs | |
Publication status | Published - 18 Feb 2024 |
Event | Cyber Science: Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC) - Aalborg University Copenhagen, Copenhagen, Denmark Duration: 3 Jul 2023 → 4 Jul 2023 https://c-mric.org/cyberscience2023_accepted_papers/ |
Publication series
Name | Springer Proceedings in Complexity |
---|---|
Publisher | Springer |
ISSN (Print) | 2213-8684 |
ISSN (Electronic) | 2213-8692 |
Conference
Conference | Cyber Science |
---|---|
Country/Territory | Denmark |
City | Copenhagen |
Period | 3/07/23 → 4/07/23 |
Internet address |
Keywords
- cyber security
- behavior change
- behavioral interventions
- ethics