Human Aspects in Cyber and IT Security Research Paper

Human Aspects in IT and Cybersecurity

Innovation in information technology (IT) has revolutionized the way organizations store, record, and retrieve information. Moreover, a large percentage of business organizations have taken advantage of internet technology to offer their businesses online, where customer data such as credit cards, Social Security numbers (SSNs), tax information, and other personal information are recorded in organizational databases. A major benefit that internet technology offers organizations is that it helps businesses transact globally without establishing entities in other countries. This strategy has helped organizations achieve competitive market advantages. Despite the benefits associated with IT, businesses face ethical implications in business transactions because they are faced with a hacking dilemma.

The primary goal of ethics is to promote ethical practices that will enhance the availability, confidentiality, and integrity of organizational information resources. To achieve this objective, employees are to demonstrate the highest standard of ethical conduct, consistent with applicable basic laws and principles. Ethics is the cornerstone of information security, dealing with what is right or wrong in human conduct. Ethical theories attempt to determine what is actually good. However, principle-based theory looks at moral action in accordance with pre-established rules.

The objective of this paper is to assess the ethical dilemmas that organizations face in the context of cyber security based on the application of ethical theories, models, and principles.

Code of Ethics

Cyber security professionals and other employees have the responsibility of protecting customers' data and the organization's critical infrastructure. Moreover, they have a moral responsibility to apply the code of ethics to enhance effective information and computer security. One applicable provision of the code of ethics is that employees must perform their duties and professional activities in accordance with the highest ethical principles and applicable laws. Data privacy is another provision that employees must respect at all times. Privacy is the right to control interference with, or access to, personal information. An individual's privacy refers to the right to prevent others from having access to his or her personal information. Thus, an organization should integrate the right to privacy into its code of ethics. Typically, privacy is held to be important because it protects customers from all sorts of external threats such as theft, ridicule, manipulation, and defamation. Privacy is also critical for autonomy: without a right to privacy, people will face challenges in developing their thoughts and personality. Since an increasing number of organizations collect customer data during online transactions, integrating data privacy into the code of ethics is critical to protecting that data. By integrating data privacy into the code of ethics, the organization obliges employees to protect customer data by respecting the code.

Moreover, employees should be obliged to promote accepted information security in line with current best standards and practices. Additionally, employees must maintain appropriate confidentiality of sensitive information when carrying out their professional duties. Employees must also discharge their professional duties and responsibilities with honesty and diligence. However, organizations are to monitor employees in the course of their duties to ensure that they protect customer data and abide by the code of ethics. The Utilitarian theory of ethics argues that employers should take a course of action that protects the interests of the stakeholders. Thus, employees should act ethically when performing their professional duties.

Effect of Cultural Values

Cultural differences make people from different ethnic groups and nationalities view ethical norms differently. For example, Asian cultures do not view software piracy as an offense. Typically, Western culture views the way Asian people use software and computer technology as software piracy. For example, Asians believe in collective ownership, which clashes with intellectual property. One possible challenge in the application of local law is that the law is not designed to reflect the interests of all cultural and ethnic groups. Globally, each cultural and ethnic group views piracy, software infringement, illicit use of corporate resources, and intellectual property differently. Whitman and Mattord (2014) point out that people view piracy differently in the United States and the Netherlands: while American citizens are less tolerant of piracy, the Netherlands is significantly more permissive. Moreover, copyright infringement is more tolerated in Hong Kong, China, and Singapore than in the UK, Sweden, and Australia, where copyright infringement is less tolerated. Essentially, a lack of punitive measures and poor local or national law enforcement have contributed to alleged piracy, leading to a disregard for intellectual property laws in the countries where piracy is accepted.

Additionally, misuse of corporate resources is more tolerated in Hong Kong and Singapore. Chinese theft of American intellectual property is now more rampant because Chinese culture is more tolerant of the infringement of intellectual property. A report by NBAR (2013) reveals that China is the largest source of American IP (intellectual property) theft, which amounts to several billions of dollars annually. The IP theft leads to loss of revenue and loss of jobs in the United States. Moreover, Chinese theft of American IP is undermining entrepreneurship and innovation in the U.S. business community. Over the years, China has been using sophisticated technology and advanced cyber capabilities to carry out large-scale cyber espionage on U.S. networks and steal American intellectual property. These activities target private enterprises and the DOD (Department of Defense). Moreover, China uses espionage to gather U.S. strategic plans, which has posed a great risk to U.S. business interests. The major objective of Chinese cyber espionage is to enhance China's competitive edge against the United States. The thefts are also meant to support Chinese science and technology so that Chinese industries can out-compete U.S. firms.

While the U.S. government is making a strong effort to combat cyber-espionage, local law is ineffective against Chinese cyber-espionage. The U.S. government needs to team up with the EU (European Union) to strengthen their international trade agreements and to develop sophisticated technology and anti-espionage law against Chinese cyber theft.

Pro-Active Defense and Cyber Vigilantism

Pro-active defense, or cyber vigilantism, is a cyber defense strategy in which an organization decides to retaliate against, or hack back, a suspected hacking company. In other words, the organization can employ another IT organization to launch a cyber-attack against a suspected hacking company that has attacked its assets. The strategy is similar to the Cold War military posture between the U.S. and the former USSR, in which each would retaliate when the other used military action against its allies. While the goal of cyber vigilantism is to deter any future attack, this action is nevertheless illegal. However, a pro-active defense may be justified if the organization decides to recover the stolen data.

The consequence of cyber vigilantism is that organizations engaging in pro-active defense may be accused of cyber-crime, because they may not be able to prove their real intention in a court of law. This may give the company a bad image in the business community. Since cyber vigilantism is unethical, the issue may cause companies to lose market advantages, because customers may boycott the company and fear submitting their credit card information to purchase items from it.

Defensive measures are one option for pro-active defense, in which organizations use different sophisticated IT tools to defend their IT assets. Detection and forensics are another form of pro-active defense, in which organizations use a number of ACD (active cyber defense) "techniques to detect attacks that can circumvent passive defenses. One approach uses honeypots to attract adversaries and look for patterns of behavior (often called tactics, techniques and procedures, or TTPs) that may be hallmarks of a specific aggressor." (CNAS, 2013, p. 5).

Once organizations detect a cyber intrusion, they should collect the necessary information about the attack to develop their defensive measures.

Meta-Data / Big Data modified

Metadata refers to structured information used to explain, describe, and manage information resources. Metadata provides information about the traditional data. An example of metadata is the library card catalog, since information is increasingly digital. More importantly, metadata is used to describe the context and content of data files. For example, a web page may contain metadata that specifies the language in which the page is written and the tools used to create it, which helps improve readers' experience. The major benefit of metadata is that it assists in discovering relevant information. Metadata also assists in organizing electronic resources so that relevant resources can be discovered. While traditional data supports business decisions, metadata delivers information about the content of the traditional data. Moreover, metadata provides the rules by which the traditional data moves in the data warehouse (Prakashan, 2010).

New Cyber Weapons and STUXNET

A cyber weapon is a type of malware or computer virus that can be used to penetrate…

Sources Used in Document:

Resources Management Association.

Whitman, M.E. & Mattord, H.J. (2014). Principles of Information Security. New York. Cengage Learning.

Cite This Research Paper:

"Human Aspects In Cyber And IT Security" (2016, February 16) Retrieved May 22, 2019, from
