A Novel Cybersecurity Ethical Maturity Model Based on AHP Method

Cevat Ozarpa; İsa Avcı; Yahya Zakrya Khan

doi:10.35377/saucis...1734132

EN

A Novel Cybersecurity Ethical Maturity Model Based on AHP Method

Abstract

This study uses the Analytic Hierarchy Process (AHP) method to evaluate the importance of ethical values in the cybersecurity profession and to measure ethical maturity. In a study with 37 cybersecurity professionals from Türkiye, 27 ethical values were organized based on international ethical standards, including those of the ACM, IEEE, ISACA, (ISC)², NIST, and the UK Cyber Security Council. The AHP analysis identified Confidentiality and Privacy, Awareness of Responsibility, and Cyber Sovereignty and Independence Ethics as the most vital values, representing 11.98% of the total. Conversely, values such as Transparency, Respect for Cultural Diversity, and Traceability were considered less important. The study also introduced a new Cybersecurity Ethical Maturity Model, outlining ethical development across five stages, and compared this model with selected cyber incidents in Türkiye. It highlights the effect of ethical violations on public trust and offers recommendations for policy and training strategies. Overall, the study contributes a unique, quantitative ethical assessment tool aligned with international standards and provides a strategic framework for fostering a sustainable digital security culture.

Keywords

References

A. Benlahcene, R. B. Zainuddin, N. Syakiran, and A. B. Ismail, “A narrative review of ethics theories: teleological & deontological ethics,” J. Humanities Soc. Sci. (IOSR-JHSS), vol. 23, no. 1, pp. 31–32, 2018.
“Ethical theories: Virtue ethics, utilitarianism, deontology.” Philosophos [Online]. Available: https://www.philosophos.org/ethical-theories-virtue-ethics-utilitarianism-deontology. [Accessed: 2-May-2025].
M. Manjikian, "Cybersecurity Ethics: An Introduction". Routledge, 2017.
L. Floridi and M. Taddeo, “What is data ethics?” Philos. Trans. R. Soc. A: Math., Phys. Eng. Sci., vol. 374, no. 2083, Art. no. 20160360, 2016.
Association for Computing Machinery, “ACM Code of Ethics and Professional Conduct.” [Online]. Available: https://www.acm.org/code-of-ethics. [Accessed: 2-May-2025].
(ISC)², “Code of Ethics.” [Online]. Available: https://www.isc2.org/Ethics. [Accessed: 5-May-2025].
Information Systems Audit and Control Association (ISACA), “Code of Professional Ethics.” [Online]. Available: https://engage.isaca.org/newenglandchapter/aboutchapter/new-page. [Accessed: 5-May-2025].
National Institute of Standards and Technology, NIST Open Government Plan 2016. Gaithersburg, MD, USA: NIST, 2016. [Online]. Available: https://www.nist.gov/document/formattednistopengovernmentplan2016finalpdf. [Accessed: 7-May-2025].

UK Cyber Security Council, “Ethical principles for individuals.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-principles-for-individuals/. [Accessed: 12-May-2025].
UK Cyber Security Council, “Ethical declaration.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-declaration/. [Accessed: 12-May-2025].
EDUNINE 2025, “IEEE policies: Code of Ethics.” [Online]. Available: https://edunine.eu/edunine2025/eng/ieeePolicies.php#codeE. [Accessed: 12-May-2025].
B. Curtis, B. Hefley, and S. Miller, "People Capability Maturity Model (P-CMM), Version 2.0". Pittsburgh, PA, USA: Software Engineering Institute, pp. 1–533, 2009.
T. L. Saaty, “A scaling method for priorities in hierarchical structures,” J. Math. Psychol., vol. 15, no. 3, pp. 234–281, 1977.
İ. Avcı and M. Koca, “A novel security risk analysis using the AHP method in smart railway systems,” Appl. Sci., vol. 14, no. 10, Art. no. 4243, 2024.
A. J. S. Rojas, E. F. P. Valencia, J. Armas-Aguirre, and J. M. M. Molina, “Cybersecurity maturity model for the protection and privacy of personal health data,” in Proc. 2022 IEEE 2nd Int. Conf. Adv. Learning Technol. Educ. & Res. (ICALTER), pp. 1–4, Nov. 2022.
A E. David, “An ethical framework for cybersecurity professionals: A grounded theory study,” Ph.D. dissertation, Northcentral Univ., Prescott, AZ, USA, 2022.
B. Sadeghi, D. Richards, P. Formosa, M. McEwan, M. H. A. Bajwa, M. Hitchens, and M. Ryan, “Modelling the ethical priorities influencing decision-making in cybersecurity contexts,” Organ. Cybersecurity J.: Pract., Process People, vol. 3, no. 2, pp. 127–149, 2023.
N. Sjelin and G. White, “The Community Cyber Security Maturity Model,” in Cyber-Physical Security: Protecting Critical Infrastructure at the State and Local Level, Cham, Switzerland: Springer Int. Publishing, pp. 161–183, 2016.
A. M. Rea-Guaman, T. San Feliu, J. A. Calvo-Manzano, and I. D. Sanchez-Garcia, “Comparative study of cybersecurity capability maturity models,” in Proc. 17th Int. Conf. Software Process Improvement and Capability Determination (SPICE), Palma de Mallorca, Spain, Oct. 4–5, pp. 100–113, 2017.
SO.org, “ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements.” [Online]. Available: https://www.iso.org/standard/27001. [Accessed: 18-Oct-2025].
Türk Standardları Enstitüsü (TSE), “TS EN ISO/IEC 27001 Information Security Management System (Management Systems Certification).” [Online]. Available: https://www.tse.org.tr/bilgi-guvenligi-yonetim-sistemi-bgys-belgelendirmesi-ts-iso-iec-27001/. [Accessed: 18-Oct-2025].
T.C. Cumhurbaşkanlığı, “Bilgi ve İletişim Güvenliği Tedbirleri ile İlgili 2019/12 Sayılı Cumhurbaşkanlığı Genelgesi [Presidential Circular No. 2019/12 on Information and Communication Security Measures],” [Online]. Available: https://www.lexpera.com.tr/resmi-gazete/metin/bilgi-ve-iletisim-guvenligi-tedbirleri-ile-ilgili-2019-12-sayili-cumhurbaskanligi-genelgesi-30823-1. [Accessed: 18-Oct-2025]. [in Turkish]
T.C. Cumhurbaşkanlığı Dijital Dönüşüm Ofisi, “Bilgi ve İletişim Güvenliği Denetim Rehberi [Information and Communication Security Audit Guide],” [Online]. Available: https://ms.hmb.gov.tr/uploads/2021/12/BG_Denetim_Rehberi-1.pdf. [Accessed: 18-Eki-2025]. [in Turkish]
T.C. Ulaştırma ve Altyapı Bakanlığı, “Ulusal Siber Güvenlik Stratejisi ve Eylem Planı 2024-2028 [National Cybersecurity Strategy and Action Plan 2024–2028],” [Online]. Available: https://www.uab.gov.tr/uploads/pages/siber-guvenligin-yol-haritasi-yerli-ve-milli-tekno/ulusal-siber-guvenlik-stratejisi-2024-2028.pdf. [Accessed: 18-Oct-2025]. [in Turkish]
P. Formosa, M. Wilson, and D. Richards, “A principlist framework for cybersecurity ethics,” Computers & Security, vol. 109, Art. no. 102382, 2021.
I. Flechais and G. Chalhoub, “Practical cybersecurity ethics: mapping CyBOK to ethical concerns,” in Proc. 2023 New Security Paradigms Workshop (NSPW), pp. 62–75, Sep. 2023.
M. S. Nasir, H. Khan, A. Qureshi, A. Rafiq, and T. Rasheed, “Ethical aspects in cyber security: Maintaining data integrity and protection: A review,” Spectrum Eng. Sci., vol. 2, no. 3, pp. 420–454, 2024.
N. Al-Hashem and A. Saidi, “The psychological aspect of cybersecurity: understanding cyber threat perception and decision-making,” Int. J. Appl. Mach. Learn. Comput. Intell., vol. 13, no. 8, pp. 11–22, 2023.
A A. G. Navdeep and V. S. Muskan, “The role of ethics in developing secure cyber-security policies,” Tuijin Jishu J. Propuls. Technol., 2023.
S. Bıçakçı, F. D. Ergun, and M. Çelikpala, “Türkiye’de siber güvenlik [Cybersecurity in Türkiye],” Ekonomi ve Dış Politika Araştırma Merkezi (EDAM), Siber Politika Kağıtları Serisi, no. 1, pp. 1–35, 2015. [in Turkish]
Anadolu Ajansı, “E-Devlet Kapısı’ndan dijital altyapılarından veri sızıntısı iddialarına ilişkin açıklama [Statement on allegations of data leakage from e-Government Gateway digital infrastructures],” Anadolu Ajansı, 27-Oct-2021. [Online]. Available: https://www.aa.com.tr/tr/gundem/e-devlet-kapisindan-dijital-altyapilarindan-veri-sizintisi-iddialarina-iliskin-aciklama/. [Accessed: May-15-2025]. [in Turkish]
Ö. Kutlu and S. Kahraman, “An Analysis of Personal Data Protection Policy in Turkey,” Siyaset, Ekonomi ve Yönetim Araştırmaları Dergisi, vol. 5, no. 4, pp. 45–62, 2017.
H. Yeşilyurt, “Cyber Security Risks and Solutions in the Financial Services Sector: Payment Systems and Supply Chain Integrity,” Celal Bayar Univ. Sos. Bilimler Dergisi, vol. 13, no. 2, pp. 97–120, 2015.
H. Çakır and M. Taşer, “Evaluation of Cyber Security Activities and Training Studies in Turkey,” Gazi Univ. J. Sci. Part C: Design Technol., pp. 1–1, 2023.
İ. Avcı and M. Koca, “Cybersecurity attack detection model using machine-learning techniques,” Acta Polytech. Hung., vol. 20, no. 7, pp. 29–44, 2023.
Anadolu Ajansı, “TürkNet’ten siber saldırı açıklaması [TurkNet’s statement on cyberattack],” Anadolu Ajansı, Apr-15-2025. [Online]. Available: https://www.aa.com.tr/tr/bilim-teknoloji/turknetten-siber-saldiri-aciklamasi/3508607. [Accessed: 16-May-2025].
İ. Avcı, “Investigation of cyber-attack methods and measures in smart grids,” Sakarya Univ. J. Sci., vol. 25, no. 4, pp. 1049–1060, 2021.
B. Ren, Q. Zhang, J. Ren, S. Ye, and F. Yan, “A novel hybrid approach for water resources carrying capacity assessment by integrating fuzzy comprehensive evaluation and analytical hierarchy process methods with the cloud model,” Water, vol. 12, no. 11, p. 3241, 2020.

Details

Primary Language

English

Subjects

Software Engineering (Other)

Journal Section

Research Article

Authors

Cevat Ozarpa
0000-0002-1195-2344
Türkiye

İsa Avcı
0000-0001-7032-8018
Türkiye

Yahya Zakrya Khan ^*
0009-0006-7591-4247
Türkiye

Early Pub Date

December 11, 2025

Publication Date

December 29, 2025

Submission Date

July 3, 2025

Acceptance Date

November 2, 2025

Published in Issue

Year 2025 Volume: 8 Number: 4

DOI

https://doi.org/10.35377/saucis...1734132

IZ

https://izlik.org/JA94FJ74GC

Cite

RIS / Bibtex

APA

Ozarpa, C., Avcı, İ., & Zakrya Khan, Y. (2025). A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. Sakarya University Journal of Computer and Information Sciences, 8(4), 740-761. https://doi.org/10.35377/saucis...1734132

AMA

1.Ozarpa C, Avcı İ, Zakrya Khan Y. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. 2025;8(4):740-761. doi:10.35377/saucis.1734132

Chicago

Ozarpa, Cevat, İsa Avcı, and Yahya Zakrya Khan. 2025. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences 8 (4): 740-61. https://doi.org/10.35377/saucis. 1734132.

EndNote

Ozarpa C, Avcı İ, Zakrya Khan Y (December 1, 2025) A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. Sakarya University Journal of Computer and Information Sciences 8 4 740–761.

IEEE

[1]C. Ozarpa, İ. Avcı, and Y. Zakrya Khan, “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”, SAUCIS, vol. 8, no. 4, pp. 740–761, Dec. 2025, doi: 10.35377/saucis...1734132.

ISNAD

Ozarpa, Cevat - Avcı, İsa - Zakrya Khan, Yahya. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences 8/4 (December 1, 2025): 740-761. https://doi.org/10.35377/saucis. 1734132.

JAMA

1.Ozarpa C, Avcı İ, Zakrya Khan Y. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. 2025;8:740–761.

MLA

Ozarpa, Cevat, et al. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences, vol. 8, no. 4, Dec. 2025, pp. 740-61, doi:10.35377/saucis. 1734132.

Vancouver

1.Cevat Ozarpa, İsa Avcı, Yahya Zakrya Khan. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. 2025 Dec. 1;8(4):740-61. doi:10.35377/saucis. 1734132