Practical Cybersecurity Ethics: Mapping CyBOK to Ethical Concerns
- URL: http://arxiv.org/abs/2311.10165v1
- Date: Thu, 16 Nov 2023 19:44:03 GMT
- Title: Practical Cybersecurity Ethics: Mapping CyBOK to Ethical Concerns
- Authors: Ivan Flechais, George Chalhoub,
- Abstract summary: We use ongoing work on the Cyber Security Body of Knowledge (CyBOK) to help elicit and document the responsibilities and ethics of the profession.
Based on a literature review of the ethics of cybersecurity, we use CyBOK to frame the exploration of ethical challenges in the cybersecurity profession.
Our findings indicate that there are broad ethical challenges across the whole of cybersecurity, but also that different areas of cybersecurity can face specific ethical considerations.
- Score: 13.075370397377078
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Research into the ethics of cybersecurity is an established and growing topic of investigation, however the translation of this research into practice is lacking: there exists a small number of professional codes of ethics or codes of practice in cybersecurity, however these are very broad and do not offer much insight into the ethical dilemmas that can be faced while performing specific cybersecurity activities. In order to address this gap, we leverage ongoing work on the Cyber Security Body of Knowledge (CyBOK) to help elicit and document the responsibilities and ethics of the profession. Based on a literature review of the ethics of cybersecurity, we use CyBOK to frame the exploration of ethical challenges in the cybersecurity profession through a series of 15 interviews with cybersecurity experts. Our approach is qualitative and exploratory, aiming to answer the research question "What ethical challenges, insights, and solutions arise in different areas of cybersecurity?". Our findings indicate that there are broad ethical challenges across the whole of cybersecurity, but also that different areas of cybersecurity can face specific ethical considerations for which more detailed guidance can help professionals in those areas. In particular, our findings indicate that security decision-making is expected of all security professionals, but that this requires them to balance a complex mix of technical, objective and subjective points of view, and that resolving conflicts raises challenging ethical dilemmas. We conclude that more work is needed to explore, map, and integrate ethical considerations into cybersecurity practice; the urgent need to conduct further research into the ethics of cybersecurity AI; and highlight the importance of this work for individuals and professional bodies who seek to develop and mature the cybersecurity profession in a responsible manner.
Related papers
- Cross-Modality Safety Alignment [73.8765529028288]
We introduce a novel safety alignment challenge called Safe Inputs but Unsafe Output (SIUO) to evaluate cross-modality safety alignment.
To empirically investigate this problem, we developed the SIUO, a cross-modality benchmark encompassing 9 critical safety domains, such as self-harm, illegal activities, and privacy violations.
Our findings reveal substantial safety vulnerabilities in both closed- and open-source LVLMs, underscoring the inadequacy of current models to reliably interpret and respond to complex, real-world scenarios.
arXiv Detail & Related papers (2024-06-21T16:14:15Z) - AI Risk Management Should Incorporate Both Safety and Security [185.68738503122114]
We argue that stakeholders in AI risk management should be aware of the nuances, synergies, and interplay between safety and security.
We introduce a unified reference framework to clarify the differences and interplay between AI safety and AI security.
arXiv Detail & Related papers (2024-05-29T21:00:47Z) - Cyber Security in Energy Informatics: A Non-technical Perspective [0.0]
This research aims to conduct a literature review focusing on non-technical issues in cyber security in the energy informatics field.
The findings show that there are seven non-technical issues have been discussed in literature, including education, awareness, policy, standards, human, and risks, challenges, and solutions.
arXiv Detail & Related papers (2024-05-03T05:39:23Z) - Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report [1.099532646524593]
Training new cybersecurity professionals is a challenging task due to the broad scope of the area.
We propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum.
We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course.
arXiv Detail & Related papers (2024-04-18T09:53:49Z) - Testing autonomous vehicles and AI: perspectives and challenges from cybersecurity, transparency, robustness and fairness [53.91018508439669]
The study explores the complexities of integrating Artificial Intelligence into Autonomous Vehicles (AVs)
It examines the challenges introduced by AI components and the impact on testing procedures.
The paper identifies significant challenges and suggests future directions for research and development of AI in AV technology.
arXiv Detail & Related papers (2024-02-21T08:29:42Z) - Artificial Intelligence Ethics Education in Cybersecurity: Challenges
and Opportunities: a focus group report [10.547686057159309]
The emergence of AI tools in cybersecurity creates many opportunities and uncertainties.
Confronting the "black box" mentality in AI cybersecurity work is also of the greatest importance.
Future AI educators and practitioners need to address these issues by implementing rigorous technical training curricula.
arXiv Detail & Related papers (2023-11-02T00:08:07Z) - Graph Mining for Cybersecurity: A Survey [61.505995908021525]
The explosive growth of cyber attacks nowadays, such as malware, spam, and intrusions, caused severe consequences on society.
Traditional Machine Learning (ML) based methods are extensively used in detecting cyber threats, but they hardly model the correlations between real-world cyber entities.
With the proliferation of graph mining techniques, many researchers investigated these techniques for capturing correlations between cyber entities and achieving high performance.
arXiv Detail & Related papers (2023-04-02T08:43:03Z) - Pedagogic Challenges in Teaching Cyber Security -- a UK Perspective [0.0]
Cyber security has become an issue of national concern in the UK, USA and many other countries worldwide.
We explore the issues relating to student expectations and the CSI effect in students entering cyber security.
We highlight the science vs tools debate to bring focus to some of the pedagogic tensions between students/industry and the academics who teach on the degree courses.
arXiv Detail & Related papers (2022-12-13T13:55:21Z) - Proceedings of the Artificial Intelligence for Cyber Security (AICS)
Workshop at AAAI 2022 [55.573187938617636]
The workshop will focus on the application of AI to problems in cyber security.
Cyber systems generate large volumes of data, utilizing this effectively is beyond human capabilities.
arXiv Detail & Related papers (2022-02-28T18:27:41Z) - 'Cyber security is a dark art': The CISO as soothsayer [12.246860992135783]
Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises.
Many organisations employ a Chief Information Security Officer (CISO) to lead such a function.
We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders.
arXiv Detail & Related papers (2022-02-25T15:21:29Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.