Entrapment behind the firewall: the ethics of internal cyber-stings

Morgan Luck


Internal cyber-attacks (cyber-attacks which occur from within an organization) pose a serious threat to an organization’s security. One tool that organizations can employ to help them detect such threats is the internal cyber-sting. An internal cyber-sting involves an organization enticing its members into performing a (controlled) internal cyber-attack in order to apprehend them.  However, there is (rightly) considerable moral consternation about employing such a tool; for it is deceitful and undermines trust. The aim of this paper is to present four separate actions that might be taken by organizations to strengthen their moral reason for employing internal cyber-stings.


Entrapment; Cyber-Security; Stings; Internal Threats; Ethics

Full Text:


DOI: http://dx.doi.org/10.3127/ajis.v23i0.1886

License URL: https://creativecommons.org/licenses/by-nc/3.0/au/

Creative Commons License
ISSN: Online: 1326-2238 Hard copy: 1449-8618
This work is licensed under a Creative Commons Attribution-NonCommercial Licence. Uses the Open Journal Systems. Web design by TomW.