University of Computer Studies, Yangon

2023-2024 Academic Year

CS-801 (IT Professionalism)
Term Paper Report

In Partial Fulfillment of the Requirement for CS-801 Term Paper

Title
Ethics in Cybersecurity

Submitted by
Student ID: YKPT-22254
Name: Aye Nyein Myint

1 September 2023

Contents
Chapters Titles Page No.
Chapter 1 Introduction 3
1.1 Ethical Cybersecurity
Chapter 2 Background Theory 4
2.1 Building a Better Cyber Space by Ethics
Chapter 3 Current concept of the Ethical Cybersecurity 5
3.1 Core Principles of Ehtical Cybersecurity
3.2 Data Protection Laws
Chapter 4 Ongoing Processes of Ethical Cybersecurity 8
4.1 Integrating Ethics into Cybersecurity
4.2 Establishing Ethics in Cybersecurity
4.3 Benefits of Ethical Cybersecurity
Chapter 5 Conclusion 11
Reference 11

List of Figures Page No.

Figure 1.1 Ethical Cybersecurity 3
Figure 2.1 Cyber Sapce 4
Figure 3.1 Data Protection Laws 7
 Chapter 1
Introduction
1.1 Etical Cybersecurity
What is Ethics?
Ethics refers to well-founded standards of right and wrong that prescribe what humans
ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific
virtues. It is based on many principles and standards such as autonomy, justice, responsiblity,
nonmaleficence, and honesty.
About Cybersecurity
Cybersecurity is the protection of internet-connected systems such as hardware,
software and data from cyberthreats. The practice is used by individuals and enterprises to
protect against unauthorized access to data centers and other computerized systems.
What is Ethical Cybersecurity?
Ethical cybersecurity refers to the practice of conducting cybersecurity activities and
operations in a manner that aligns with ethical principles and values. It involves using ethical
standards and guidelines to guide decision-making, behavior, and practices within the realm
of cybersecurity. Ethical cybersecurity professionals, often known as ethical hackers or
white-hat hackers, use their skills and knowledge to protect information systems, networks,
and data while adhering to a strict code of ethics.

Figure 1.1 Ethical Cybersecurity

3
 Chapter 2
Background Theory
2.1 Building a Better Cyber Space by Ethics
Today, cyber crimes and threats are happening all over the world. Not only to
organizations and companies, cyber issues become involve in individual’s life. Privacy
protection is really important for every person. Today is a digital age and almost everything
in our daily life has become connected to internet and electronic devices. There become cyber
crimes such as individual cyber crimes, organisation cyber crimes, property cybercrimes,
society cybercrimes and so on. There are so many ways to commit a cyber crime. Most
common cyber crimes are phishing and scam, identity theft, ransomware attack, hacking
computer networks and Internet fraud. There are still other types of cybercrime such as cyber
bullying, cyber stalking, software piracy, social media frauds, online drug trafficking,
electronic money laundering and cyber extortion.
This is why cyber security is important and need to align with ethical principles. Cyber
security is the act of saveguarding users’ data and protecting from cyber threats. Those cyber
crimes are done by unethical hackers who only look for their profits neglecting the others’
property. In this research, we are about to learn what are ethical principles and standards,
which laws are protecting, to to integrate ethics into cybersecurity and step by step
procedures. By knowing the values of ethics in cyber sapce and adhering to etical principles,
we will be able to build a better and more secure society in our digital life.

Figure 2.1 Cyber Space

Chapter 3
4
 Current Concept of the Ethical Cybersecurity
3.1 Core Principles of Ethical Cbyersecurity
Ethical cybersecurity is a field that focuses on the responsible and moral use of
information technology and security practices. It aims to protect data, systems, and networks
while upholding principles of fairness, transparency, and respect for individual privacy and
rights. Here are some core principles of ethical cybersecurity:
CIA
The CIA in cybersecurity is a vision that concentrates on the balance between the
confidentiality, integrity, and availability of data under the protection of your information
security structure.
Privacy
Respect individuals' privacy and protect their personal information. Only collect and
use data that is necessary for legitimate security purposes, and ensure it is stored and
processed securely.
Transparency
Be open and transparent about cybersecurity practices, policies, and procedures. Users
should have a clear understanding of how their data is collected, used, and protected.
Accountability
Establish clear lines of responsibility for cybersecurity within an organization. Hold
individuals and entities accountable for security breaches and unethical behavior.
Risk Management
Identify, assess, and prioritize potential risks to systems and data. Ethical cybersecurity
practitioners work to minimize risks by implementing appropriate security controls and
response plans.

3.2 Data Protection Laws

As cyber threats and crimes spread borders, some data protection laws are set to take
measures those illegal cyber attacks. The main function of data protection laws, regardless of
country, is to govern the collection, use, disclosure and care of personal data. As the amount
of personal data around the world continues to grow, it becomes increasingly challenging for
end users to know and protect their own personal data. Hence, organizations are required to
take the necessary precaution to protect the data that they collect from end users.

Data breaches leave end users vulnerable to crime such as identity theft and victims of
unsolicited contact from malicious organizations and there is a real cost for businesses. When
an organization is determined to be guilty of inadequate data protection practices — whether
or not a breach actually happens — the organization is liable to punishment in the form of
hefty fines.

Data Protection Laws around the World

5
1. General Data Protection Regulation (GDPR)

GDPR is one of the most comprehensive data protection laws globally. It

provides individuals with control over their personal data and imposes strict
obligations on organizations handling such data. GDPR requires consent for data
processing, data breach notifications, and the appointment of Data Protection Officers
(DPOs).

2. California Consumer Privacy Act (CCPA)

Enforced in the state of California, USA, CCPA grants California residents

certain rights over their personal information, including the right to know what data is
collected and the right to request its deletion. It applies to businesses meeting specific
criteria.

3. Personal Information Protection and Electronic Documents Act (PIPEDA)

Canada's federal privacy law, PIPEDA, regulates the collection, use, and
disclosure of personal information by private sector organizations. It includes
principles such as consent, accountability, and the right to access personal data.

4. Data Protection Act 2018

The UK's Data Protection Act 2018, aligned with GDPR, governs data
protection in the United Kingdom post-Brexit. It covers the processing of personal
data and grants individuals rights over their data.

5. Personal Data Protection Act (PDPA)

Singapore's PDPA establishes rules for the collection, use, and disclosure of
personal data by organizations. It includes provisions for consent, data protection
officers, and breach notification.

6. Australian Privacy Principles (APPs)

Under the Australian Privacy Act 1988, the APPs govern the handling of
personal information by Australian government agencies and many private sector
organizations.

7. Brazilian General Data Protection Law (LGPD)

LGPD is Brazil's data protection law, inspired by GDPR. It regulates the

processing of personal data and grants rights to data subjects.

6
 8. Personal Information Protection Law (PIPL)

China's PIPL is a comprehensive data protection law that came into effect in
2021. It imposes restrictions on cross-border data transfers and includes provisions for
consent and data subject rights.

9. Data Protection Laws in India

India introduced the Personal Data Protection Bill, 2019 (PDP Bill) to regulate
the processing of personal data. As of my last knowledge update in September 2021,
the PDP Bill was under consideration.

These are the laws around the world protecting for data privacy. Taking specific
actions on unethical behaviours in cyber sapce will reduce the amount of cyber crimes and
people will aware of the risks while making actions on others’ pivacy. By knowing laws and
regulations, orginizations and companies will be able to set codes of ethics that align with the
laws. Those are the laws must be awared by individuals whoever work in IT field.

Figure 3.1 Data Protection Laws

7
 Chapter 4
Ongoing Processes of Ethical Cyber Security
4.1 Integrating Ethics into Cyber Security
Integrating ethics into cybersecurity is crucial in today's digital age, where technology
is deeply embedded in our lives and cyber threats are constantly evolving. Ethical
considerations should guide the actions of individuals, organizations, and governments in the
realm of cybersecurity. Here are some considerations while making ethical cybersecurity
practices.
Informed Consent:
Users should have a clear understanding of the risks associated with using digital
services, and they should provide informed consent for data collection and processing.
Organizations should communicate the potential security risks and empower users to make
informed decisions.
Vulnerability Disclosure:
Ethical hackers (often referred to as "white hat" hackers) play a critical role in
identifying and reporting vulnerabilities. Organizations should encourage responsible
disclosure and treat security researchers with respect, acknowledging their contributions.

International Collaboration:

As cyber threats transcend borders, ethical cybersecurity requires international

collaboration. Nations and organizations should work together to establish common standards
and practices that uphold ethical principles in cyberspace.

Educational Initiatives:

Promoting cybersecurity ethics through education is essential. Training programs

should emphasize the importance of ethical behavior among cybersecurity professionals and
highlight the potential consequences of unethical actions.

Whistleblower Protection:
Individuals who witness unethical or illegal cybersecurity practices should have the
means to report these concerns without fear of retaliation. Whistleblower protection policies
can help create an environment of accountability.
By prioritizing ethical considerations, the cybersecurity community can work towards a
safer and more responsible digital environment for all.

8
4.2 Establishing Ethics in Cyber Security
This is essential for ensuring the responsible and moral use of technology to protect
digital systems and data. Here are some steps to help organizations and individuals establish
ethics in cybersecurity:
Leadership Commitment:
Ensure that top leadership and management are committed to upholding ethical
standards in cybersecurity. Their support and endorsement of ethical practices will set the
tone for the entire organization.

Create Ethical Guidelines and Policies:

 Develop a comprehensive code of ethics or guidelines specific to cybersecurity. These

documents should outline the expected behavior, responsibilities, and ethical
considerations for cybersecurity professionals.
 Include specific guidelines for issues like responsible disclosure of vulnerabilities,
handling of user data, and ethical decision-making in challenging situations.

Ethical Decision-Making Framework:

 Develop a framework that helps employees make ethical decisions when faced with
complex situations.
 Encourage the consideration of potential consequences, stakeholders' interests, and
alignment with ethical principles when making cybersecurity choices.

Incentives and Recognition:

 Reward and recognize employees who consistently demonstrate ethical behavior in

their cybersecurity roles.
 Incorporate ethical considerations into performance evaluations and professional
development opportunities.

Embed Ethics in Processes:

 Integrate ethical considerations into the entire cybersecurity lifecycle, from design
and development to implementation and maintenance.
 Implement a review process that assesses the ethical implications of new
technologies, tools, and practices before they are adopted.

Collaboration with Legal and Compliance:

 Work closely with legal and compliance teams to ensure that cybersecurity practices
adhere to relevant laws, regulations, and industry standards.
 Align ethical practices with legal requirements, such as data protection regulations.

Establishing ethics in cybersecurity requires continuous attention and adaptation to address

evolving challenges. With these steps, organizations, companies and individuals will be able
to build trust, enhance their reputation, and contribute to a more secure cyber space.

9
4.3 Benefits of Ehtical Cyber Security
The final section summarizes the connections between the information discussed in the
body of the paragraph and the paragraph’s controlling idea.

Enhanced Trust and Reputation:

Ethical cybersecurity practices demonstrate your commitment to safeguarding user

data and privacy. This builds trust among your customers, clients, partners, and stakeholders,
enhancing your organization's reputation.

Reduced Legal and Regulatory Risks:

Ethical cybersecurity practices often align with legal and regulatory requirements. By
adhering to ethical principles, you can reduce the risk of legal penalties, fines, and
reputational damage resulting from non-compliance.

Stronger Customer Loyalty:

Users are more likely to trust and remain loyal to organizations that prioritize ethical
cybersecurity. When customers feel that their data and privacy are well-protected, they are
more likely to continue using your services.

Mitigated Insider Threats:

An ethical cybersecurity culture emphasizes the importance of responsible behavior

among employees. This can help reduce the likelihood of insider threats arising from
negligence or malicious intent.

Reduced Costs:

By prioritizing security and ethical practices, organizations can prevent security

incidents that might lead to financial losses. Additionally, ethical practices can minimize the
costs associated with legal actions, fines, and reputational repair.

Safeguarding Critical Infrastructure:

Ethical cybersecurity measures help protect critical infrastructure from cyberattacks,

ensuring the continuity of essential services that society relies upon.

Contributing to a Secure Digital Society:

In summary, ethical cybersecurity is not only about compliance and risk mitigation, but
it also fosters a culture of trust, responsibility, and accountability. The benefits extend beyond
the organization's immediate operations, positively impacting users, stakeholders, and the
broader digital ecosystem.

10
 Chapter 5
Conclusion
The complex and dynamic nature of cybersecurity demands a continuous evaluation of
the ethical dimensions that underpin the field. As technology continues to evolve, ethical
considerations must evolve in tandem, with a focus on safeguarding data, respecting privacy,
and promoting digital trust. This paper describes what are happening in cyber space and the
importance of cybersecurity. The principles of Ethical Cybersecurity, Laws and Regulations,
how to integrate ethics into cybersecurity, step by step of establishing Ethical Cybersecurity
and the benefits are enough mentioned. And also, this paper underscores the critical
importance of ethical decision-making in cyber security and emphasizes the need for a
holistic approach that encompasses individual actions, organizational policies, and global
cooperation. With these knowledges, we will be able to aware of the cyber crimes and attacks
and be able to protect our importance privacy data from cyber criminals. Moreover, adhering
to Ethical Cybersecurity principles in our practices will let us to live in a better and more
secure society.

References
1. https://www.scu.edu
2. https://www.counseling.org
3. https://www.checkpoint.com
4. https://www.horangi.com
5. https://www.google.com

11