Ethical principles and normative regulation of professional activity in cybersecurity: international standards, Ukrainian context, and practical guidelines
DOI:
https://doi.org/10.30837/rt.2025.4.223.12
Keywords:
ethics, cybersecurity, trust, privacy, responsibility, legislation, standard, regulation, transparency, integrity
Abstract
This paper explores the ethical foundations and legal regulation of professional activity in cybersecurity amid digital transformation. The authors emphasize the growing importance of digital trust and moral responsibility in the daily work of cybersecurity professionals. A comparative analysis of European, American, and Ukrainian frameworks (including GDPR, ACM and (ISC)² Codes of Ethics, ENISA recommendations, and Ukrainian legislation) identifies key normative anchors and ethical principles. The study highlights complex dilemmas such as the boundary between privacy and surveillance, ethical vulnerability disclosure, and the role of cybersecurity experts during cyber conflicts. Attention is given to the need for professional certification standards to include ethical components, as well as the integration of ethics into organizational policies, audit procedures, and education. The paper proposes practical guidelines for ethical auditing, internal policy-making, and protection of responsible researchers. Recommendations are also made for harmonizing Ukrainian regulations with international ethical standards and for developing a national code of ethics. This research contributes to the development of a professional cybersecurity culture based on responsibility, transparency, and digital rights. The results are applicable in academic curricula, policy design, and industry governance.
References
ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements, International Organization for Standardization, 2013.
ISO/IEC 27032:2012, Guidelines for cybersecurity, International Organization for Standardization, 2012.
(ISC)², Code of Ethics, 2023. Available at: https://www.isc2.org/Ethics.
Association for Computing Machinery, ACM Code of Ethics and Professional Conduct, 1992. Available at: https://dl.acm.org/doi/10.1145/129875.129885
General Data Protection Regulation (GDPR), European Commission, 2016. Available at: https://gdpr.eu/
European Parliament and Council of the European Union, Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 Dec. 2022. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022L2555
U.S. Securities and Exchange Commission, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Final Rule, Release No. 33-11216, 26 July 2023. Available at: https://www.sec.gov/rules-regulations/2023/07/s7-09-22
European Commission, Ethics Guidelines for Trustworthy AI, 2019. Available at: https://op.europa.eu/en/publication-detail/-/publication/d3988569-0434-11ea-8c1f-01aa75ed71a1
European Parliament and Council of the European Union, Regulation (EU) 2019/881 on ENISA (the European Union Agency for Cybersecurity), 17 April 2019. Available at: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32019R0881
European Union Agency for Cybersecurity (ENISA), Cybersecurity Skills Development Guidelines, 2022. Available at: https://www.enisa.europa.eu/publications/cybersecurity-skills-development
Pascoe C., Quinn S., and Scarfone K. The NIST Cybersecurity Framework (CSF) 2.0 / National Institute of Standards and Technology, 26 February 2024. Available at: https://www.nist.gov/publications/nist-cybersecurity-framework-csf-20
Law of Ukraine No. 2469-VIII. On National Security. 21 June 2018. Available at: https://zakon.rada.gov.ua/laws/show/2469-19
Law of Ukraine No. 2163-VIII. On the Basic Principles of Ensuring Cybersecurity of Ukraine. 5 October 2017. Available at: https://zakon.rada.gov.ua/laws/show/2163-19
Law of Ukraine No. 2297-VI. On Personal Data Protection. 1 June 2010 (as amended). Available at: https://zakon.rada.gov.ua/laws/show/2297-17
Law of Ukraine No. 1089-IX. On Electronic Communications. 16 December 2020. Available at: https://zakon.rada.gov.ua/laws/show/1089-20
Law of Ukraine No. 2657-XII. On Information. 2 October 1992 (as revised). Available at: https://zakon.rada.gov.ua/laws/show/2657-12
Law of Ukraine No. 2155-VIII. On Electronic Trust Services. 5 October 2017. Available at: https://zakon.rada.gov.ua/laws/show/2155-19
Law of Ukraine No. 2170-IX. On Public Electronic Registers. 5 October 2022. Available at: https://zakon.rada.gov.ua/laws/show/2170-20
Verkhovna Rada of Ukraine. Law of Ukraine "On Openness of the Use of Public Funds" No. 183-VIII, 2015. Available at: https://zakon.rada.gov.ua/laws/show/183-19
Verkhovna Rada of Ukraine. Draft Law "On the Protection of Critical Information Infrastructure" (in the process of adoption), 2023. Available at: https://itd.rada.gov.ua/bill/8475-IX
President of Ukraine, National Cybersecurity Strategy of Ukraine, Decree No. 47/2021, 14 May 2021. Available at: https://www.president.gov.ua/documents/472021-35721
Ministry of Digital Transformation of Ukraine. Strategy for the Digital Transformation of the Security and Defence Sector of Ukraine (2022).
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).


