The human factor in information systems is a large vulnerability when implementing cybersecurity, and many approaches, including technical and policy driven solutions, seek to mitigate this vulnerability. Decisions to apply technical or policy solutions must consider how an individual's values and moral stance influence their responses to these implementations. Our research aims to evaluate how individuals prioritise different ethical principles when making cybersecurity sensitive decisions and how much perceived choice they have when doing so. Further, we sought to use participants’ responses to cybersecurity scenarios to create profiles that describe their values and individual factors including personality. Participants ( = 193) in our study responded to five different ethically sensitive cybersecurity scenarios in random order, selecting their action in that scenario and rating and ranking of the ethical principles (i.e., Beneficence, Non-Maleficence, Justice, Autonomy, Explicability) behind that action. Using participants’ demographics, personality, values, and cyber hygiene practices, we created profiles using machine learning to predict participants’ choices and the principle of most importance to them across scenarios. Further, we found that, generalising, for our participants Autonomy was the most important ethical principle in our scenarios, followed by Justice. Our study also suggests that participants felt they had some agency in their decision making and they were able to weigh up different ethical principles.

中文翻译：

---

塑造基于价值观的网络安全决策的道德原则

信息系统中的人为因素是实施网络安全时的一个很大的漏洞，包括技术和政策驱动的解决方案在内的许多方法都试图减轻这一漏洞。应用技术或政策解决方案的决定必须考虑个人的价值观和道德立场如何影响他们对这些实施的反应。我们的研究旨在评估个人在做出网络安全敏感决策时如何优先考虑不同的道德原则，以及他们在这样做时有多少感知选择。此外，我们试图利用参与者对网络安全场景的反应来创建描述他们的价值观和个人因素（包括个性）的档案。我们研究的参与者（= 193）以随机顺序回答了五种不同的道德敏感网络安全场景，选择他们在该场景中的行动，并对背后的道德原则（即善意、非恶意、正义、自治、可解释性）进行评级和排名那个动作。根据参与者的人口统计、个性、价值观和网络卫生习惯，我们使用机器学习创建档案，以预测参与者的选择以及跨场景对他们最重要的原则。此外，我们发现，概括而言，对于我们的参与者来说，自主是我们场景中最重要的道德原则，其次是正义。我们的研究还表明，参与者认为他们在决策中具有一定的代理权，并且能够权衡不同的道德原则。