Entrapment behind the firewall: the ethics of internal cyber-stings
Internal cyber-attacks (cyber-attacks which occur from within an organization) pose a serious threat to an organization’s security. One tool that organizations can employ to help them detect such threats is the internal cyber-sting. An internal cyber-sting involves an organization enticing its members into performing a (controlled) internal cyber-attack in order to apprehend them. However, there is (rightly) considerable moral consternation about employing such a tool; for it is deceitful and undermines trust. The aim of this paper is to present four separate actions that might be taken by organizations to strengthen their moral reason for employing internal cyber-stings.
AJIS publishes open-access articles distributed under the terms of a Creative Commons Non-Commercial and Attribution License which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited. All other rights including granting permissions beyond those in the above license remain the property of the author(s).