CONCEPTUAL APPROACHES TO THE INTEGRATION OF ETHICAL NORMS INTO INFORMATION SECURITY POLICY

DOI: 10.31673/2409-7292.2025.031152

Authors

  • С. В. Легомінова (Legominova S.V.), State University of Information and Communication Technologies, Kyiv
  • Т. В. Капелюшна (Kapelyushna T.V.), State University of Information and Communication Technologies, Kyiv
  • Ю. В. Щавінський (Shchavinskyi Yu.V.), State University of Information and Communication Technologies, Kyiv
  • Т. М. Мужанова (Muzhanova T.M.), State University of Information and Communication Technologies, Kyiv

Abstract

The article analyzes key conceptual approaches to integrating ethics into information security policy. Based on an analysis of scientific publications, it identifies key ethical dilemmas arising in the field of information security, in particular the problems of confidentiality, transparency, automation of decision-making and personnel monitoring. The need to formalize ethical principles in internal regulatory documents is substantiated in order to increase responsibility, transparency and trust in the digital environment. A classification of existing approaches to implementing ethics in information security is proposed, with their characteristics, ethical dimension and evaluation criteria: regulatory and legal, professional and ethical, corporate and ethical, educational, and technological and ethical. The developed criteria allow for the further formation of a holistic system for assessing the effectiveness of the approaches. A conceptual model of the integration of ethical norms is created, which provides for the stages of diagnostics, formalization, implementation, training, monitoring and criteria for assessing ethical impact. The model makes it possible to systematize the process of implementing ethical principles in an organization's information security documents. Recommendations are presented for developing internal policies that take ethical principles into account, conducting an ethical audit, and establishing an ethics committee within the organization. The proposed recommendations allow for the formation of an ethically mature corporate culture, where security is based on moral principles, trust, and respect for human rights in the digital environment.

Keywords: information security, cybersecurity ethics, corporate codes of ethics, information security policy.

Published

2025-10-25

Section

Articles