A Novel Cybersecurity Ethical Maturity Model Based on AHP Method

Cevat Ozarpa; İsa Avcı; Yahya Zakrya Khan

doi:10.35377/saucis...1734132

Research Article

Year 2025, Volume: 8 Issue: 4, 740 - 761, 29.12.2025

Cevat Ozarpa , İsa Avcı , Yahya Zakrya Khan

https://doi.org/10.35377/saucis...1734132

Abstract

References

A. Benlahcene, R. B. Zainuddin, N. Syakiran, and A. B. Ismail, “A narrative review of ethics theories: teleological & deontological ethics,” J. Humanities Soc. Sci. (IOSR-JHSS), vol. 23, no. 1, pp. 31–32, 2018.
“Ethical theories: Virtue ethics, utilitarianism, deontology.” Philosophos [Online]. Available: https://www.philosophos.org/ethical-theories-virtue-ethics-utilitarianism-deontology. [Accessed: 2-May-2025].
M. Manjikian, "Cybersecurity Ethics: An Introduction". Routledge, 2017.
L. Floridi and M. Taddeo, “What is data ethics?” Philos. Trans. R. Soc. A: Math., Phys. Eng. Sci., vol. 374, no. 2083, Art. no. 20160360, 2016.
Association for Computing Machinery, “ACM Code of Ethics and Professional Conduct.” [Online]. Available: https://www.acm.org/code-of-ethics. [Accessed: 2-May-2025].
(ISC)², “Code of Ethics.” [Online]. Available: https://www.isc2.org/Ethics. [Accessed: 5-May-2025].
Information Systems Audit and Control Association (ISACA), “Code of Professional Ethics.” [Online]. Available: https://engage.isaca.org/newenglandchapter/aboutchapter/new-page. [Accessed: 5-May-2025].
National Institute of Standards and Technology, NIST Open Government Plan 2016. Gaithersburg, MD, USA: NIST, 2016. [Online]. Available: https://www.nist.gov/document/formattednistopengovernmentplan2016finalpdf. [Accessed: 7-May-2025].
UK Cyber Security Council, “Ethical principles for individuals.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-principles-for-individuals/. [Accessed: 12-May-2025].
UK Cyber Security Council, “Ethical declaration.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-declaration/. [Accessed: 12-May-2025].
EDUNINE 2025, “IEEE policies: Code of Ethics.” [Online]. Available: https://edunine.eu/edunine2025/eng/ieeePolicies.php#codeE. [Accessed: 12-May-2025].
B. Curtis, B. Hefley, and S. Miller, "People Capability Maturity Model (P-CMM), Version 2.0". Pittsburgh, PA, USA: Software Engineering Institute, pp. 1–533, 2009.
T. L. Saaty, “A scaling method for priorities in hierarchical structures,” J. Math. Psychol., vol. 15, no. 3, pp. 234–281, 1977.
İ. Avcı and M. Koca, “A novel security risk analysis using the AHP method in smart railway systems,” Appl. Sci., vol. 14, no. 10, Art. no. 4243, 2024.
A. J. S. Rojas, E. F. P. Valencia, J. Armas-Aguirre, and J. M. M. Molina, “Cybersecurity maturity model for the protection and privacy of personal health data,” in Proc. 2022 IEEE 2nd Int. Conf. Adv. Learning Technol. Educ. & Res. (ICALTER), pp. 1–4, Nov. 2022.
A E. David, “An ethical framework for cybersecurity professionals: A grounded theory study,” Ph.D. dissertation, Northcentral Univ., Prescott, AZ, USA, 2022.
B. Sadeghi, D. Richards, P. Formosa, M. McEwan, M. H. A. Bajwa, M. Hitchens, and M. Ryan, “Modelling the ethical priorities influencing decision-making in cybersecurity contexts,” Organ. Cybersecurity J.: Pract., Process People, vol. 3, no. 2, pp. 127–149, 2023.
N. Sjelin and G. White, “The Community Cyber Security Maturity Model,” in Cyber-Physical Security: Protecting Critical Infrastructure at the State and Local Level, Cham, Switzerland: Springer Int. Publishing, pp. 161–183, 2016.
A. M. Rea-Guaman, T. San Feliu, J. A. Calvo-Manzano, and I. D. Sanchez-Garcia, “Comparative study of cybersecurity capability maturity models,” in Proc. 17th Int. Conf. Software Process Improvement and Capability Determination (SPICE), Palma de Mallorca, Spain, Oct. 4–5, pp. 100–113, 2017.
SO.org, “ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements.” [Online]. Available: https://www.iso.org/standard/27001. [Accessed: 18-Oct-2025].
Türk Standardları Enstitüsü (TSE), “TS EN ISO/IEC 27001 Information Security Management System (Management Systems Certification).” [Online]. Available: https://www.tse.org.tr/bilgi-guvenligi-yonetim-sistemi-bgys-belgelendirmesi-ts-iso-iec-27001/. [Accessed: 18-Oct-2025].
T.C. Cumhurbaşkanlığı, “Bilgi ve İletişim Güvenliği Tedbirleri ile İlgili 2019/12 Sayılı Cumhurbaşkanlığı Genelgesi [Presidential Circular No. 2019/12 on Information and Communication Security Measures],” [Online]. Available: https://www.lexpera.com.tr/resmi-gazete/metin/bilgi-ve-iletisim-guvenligi-tedbirleri-ile-ilgili-2019-12-sayili-cumhurbaskanligi-genelgesi-30823-1. [Accessed: 18-Oct-2025]. [in Turkish]
T.C. Cumhurbaşkanlığı Dijital Dönüşüm Ofisi, “Bilgi ve İletişim Güvenliği Denetim Rehberi [Information and Communication Security Audit Guide],” [Online]. Available: https://ms.hmb.gov.tr/uploads/2021/12/BG_Denetim_Rehberi-1.pdf. [Accessed: 18-Eki-2025]. [in Turkish]
T.C. Ulaştırma ve Altyapı Bakanlığı, “Ulusal Siber Güvenlik Stratejisi ve Eylem Planı 2024-2028 [National Cybersecurity Strategy and Action Plan 2024–2028],” [Online]. Available: https://www.uab.gov.tr/uploads/pages/siber-guvenligin-yol-haritasi-yerli-ve-milli-tekno/ulusal-siber-guvenlik-stratejisi-2024-2028.pdf. [Accessed: 18-Oct-2025]. [in Turkish]
P. Formosa, M. Wilson, and D. Richards, “A principlist framework for cybersecurity ethics,” Computers & Security, vol. 109, Art. no. 102382, 2021.
I. Flechais and G. Chalhoub, “Practical cybersecurity ethics: mapping CyBOK to ethical concerns,” in Proc. 2023 New Security Paradigms Workshop (NSPW), pp. 62–75, Sep. 2023.
M. S. Nasir, H. Khan, A. Qureshi, A. Rafiq, and T. Rasheed, “Ethical aspects in cyber security: Maintaining data integrity and protection: A review,” Spectrum Eng. Sci., vol. 2, no. 3, pp. 420–454, 2024.
N. Al-Hashem and A. Saidi, “The psychological aspect of cybersecurity: understanding cyber threat perception and decision-making,” Int. J. Appl. Mach. Learn. Comput. Intell., vol. 13, no. 8, pp. 11–22, 2023.
A A. G. Navdeep and V. S. Muskan, “The role of ethics in developing secure cyber-security policies,” Tuijin Jishu J. Propuls. Technol., 2023.
S. Bıçakçı, F. D. Ergun, and M. Çelikpala, “Türkiye’de siber güvenlik [Cybersecurity in Türkiye],” Ekonomi ve Dış Politika Araştırma Merkezi (EDAM), Siber Politika Kağıtları Serisi, no. 1, pp. 1–35, 2015. [in Turkish]
Anadolu Ajansı, “E-Devlet Kapısı’ndan dijital altyapılarından veri sızıntısı iddialarına ilişkin açıklama [Statement on allegations of data leakage from e-Government Gateway digital infrastructures],” Anadolu Ajansı, 27-Oct-2021. [Online]. Available: https://www.aa.com.tr/tr/gundem/e-devlet-kapisindan-dijital-altyapilarindan-veri-sizintisi-iddialarina-iliskin-aciklama/. [Accessed: May-15-2025]. [in Turkish]
Ö. Kutlu and S. Kahraman, “An Analysis of Personal Data Protection Policy in Turkey,” Siyaset, Ekonomi ve Yönetim Araştırmaları Dergisi, vol. 5, no. 4, pp. 45–62, 2017.
H. Yeşilyurt, “Cyber Security Risks and Solutions in the Financial Services Sector: Payment Systems and Supply Chain Integrity,” Celal Bayar Univ. Sos. Bilimler Dergisi, vol. 13, no. 2, pp. 97–120, 2015.
H. Çakır and M. Taşer, “Evaluation of Cyber Security Activities and Training Studies in Turkey,” Gazi Univ. J. Sci. Part C: Design Technol., pp. 1–1, 2023.
İ. Avcı and M. Koca, “Cybersecurity attack detection model using machine-learning techniques,” Acta Polytech. Hung., vol. 20, no. 7, pp. 29–44, 2023.
Anadolu Ajansı, “TürkNet’ten siber saldırı açıklaması [TurkNet’s statement on cyberattack],” Anadolu Ajansı, Apr-15-2025. [Online]. Available: https://www.aa.com.tr/tr/bilim-teknoloji/turknetten-siber-saldiri-aciklamasi/3508607. [Accessed: 16-May-2025].
İ. Avcı, “Investigation of cyber-attack methods and measures in smart grids,” Sakarya Univ. J. Sci., vol. 25, no. 4, pp. 1049–1060, 2021.
B. Ren, Q. Zhang, J. Ren, S. Ye, and F. Yan, “A novel hybrid approach for water resources carrying capacity assessment by integrating fuzzy comprehensive evaluation and analytical hierarchy process methods with the cloud model,” Water, vol. 12, no. 11, p. 3241, 2020.

A Novel Cybersecurity Ethical Maturity Model Based on AHP Method

Year 2025, Volume: 8 Issue: 4, 740 - 761, 29.12.2025

Cevat Ozarpa , İsa Avcı , Yahya Zakrya Khan

https://doi.org/10.35377/saucis...1734132

Abstract

This study uses the Analytic Hierarchy Process (AHP) method to evaluate the importance of ethical values in the cybersecurity profession and to measure ethical maturity. In a study with 37 cybersecurity professionals from Türkiye, 27 ethical values were organized based on international ethical standards, including those of the ACM, IEEE, ISACA, (ISC)², NIST, and the UK Cyber Security Council. The AHP analysis identified Confidentiality and Privacy, Awareness of Responsibility, and Cyber Sovereignty and Independence Ethics as the most vital values, representing 11.98% of the total. Conversely, values such as Transparency, Respect for Cultural Diversity, and Traceability were considered less important. The study also introduced a new Cybersecurity Ethical Maturity Model, outlining ethical development across five stages, and compared this model with selected cyber incidents in Türkiye. It highlights the effect of ethical violations on public trust and offers recommendations for policy and training strategies. Overall, the study contributes a unique, quantitative ethical assessment tool aligned with international standards and provides a strategic framework for fostering a sustainable digital security culture.

Keywords

Cybersecurity , Cyber Ethical Values , Analytic Hierarchy Process (AHP) , Ethical Maturity Model , Privacy and Confidentiality

References

A. Benlahcene, R. B. Zainuddin, N. Syakiran, and A. B. Ismail, “A narrative review of ethics theories: teleological & deontological ethics,” J. Humanities Soc. Sci. (IOSR-JHSS), vol. 23, no. 1, pp. 31–32, 2018.
“Ethical theories: Virtue ethics, utilitarianism, deontology.” Philosophos [Online]. Available: https://www.philosophos.org/ethical-theories-virtue-ethics-utilitarianism-deontology. [Accessed: 2-May-2025].
M. Manjikian, "Cybersecurity Ethics: An Introduction". Routledge, 2017.
L. Floridi and M. Taddeo, “What is data ethics?” Philos. Trans. R. Soc. A: Math., Phys. Eng. Sci., vol. 374, no. 2083, Art. no. 20160360, 2016.
Association for Computing Machinery, “ACM Code of Ethics and Professional Conduct.” [Online]. Available: https://www.acm.org/code-of-ethics. [Accessed: 2-May-2025].
(ISC)², “Code of Ethics.” [Online]. Available: https://www.isc2.org/Ethics. [Accessed: 5-May-2025].
Information Systems Audit and Control Association (ISACA), “Code of Professional Ethics.” [Online]. Available: https://engage.isaca.org/newenglandchapter/aboutchapter/new-page. [Accessed: 5-May-2025].
National Institute of Standards and Technology, NIST Open Government Plan 2016. Gaithersburg, MD, USA: NIST, 2016. [Online]. Available: https://www.nist.gov/document/formattednistopengovernmentplan2016finalpdf. [Accessed: 7-May-2025].
UK Cyber Security Council, “Ethical principles for individuals.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-principles-for-individuals/. [Accessed: 12-May-2025].
UK Cyber Security Council, “Ethical declaration.” [Online]. Available: https://www.ukcybersecuritycouncil.org.uk/ethics/ethical-declaration/. [Accessed: 12-May-2025].
EDUNINE 2025, “IEEE policies: Code of Ethics.” [Online]. Available: https://edunine.eu/edunine2025/eng/ieeePolicies.php#codeE. [Accessed: 12-May-2025].
B. Curtis, B. Hefley, and S. Miller, "People Capability Maturity Model (P-CMM), Version 2.0". Pittsburgh, PA, USA: Software Engineering Institute, pp. 1–533, 2009.
T. L. Saaty, “A scaling method for priorities in hierarchical structures,” J. Math. Psychol., vol. 15, no. 3, pp. 234–281, 1977.
İ. Avcı and M. Koca, “A novel security risk analysis using the AHP method in smart railway systems,” Appl. Sci., vol. 14, no. 10, Art. no. 4243, 2024.
A. J. S. Rojas, E. F. P. Valencia, J. Armas-Aguirre, and J. M. M. Molina, “Cybersecurity maturity model for the protection and privacy of personal health data,” in Proc. 2022 IEEE 2nd Int. Conf. Adv. Learning Technol. Educ. & Res. (ICALTER), pp. 1–4, Nov. 2022.
A E. David, “An ethical framework for cybersecurity professionals: A grounded theory study,” Ph.D. dissertation, Northcentral Univ., Prescott, AZ, USA, 2022.
B. Sadeghi, D. Richards, P. Formosa, M. McEwan, M. H. A. Bajwa, M. Hitchens, and M. Ryan, “Modelling the ethical priorities influencing decision-making in cybersecurity contexts,” Organ. Cybersecurity J.: Pract., Process People, vol. 3, no. 2, pp. 127–149, 2023.
N. Sjelin and G. White, “The Community Cyber Security Maturity Model,” in Cyber-Physical Security: Protecting Critical Infrastructure at the State and Local Level, Cham, Switzerland: Springer Int. Publishing, pp. 161–183, 2016.
A. M. Rea-Guaman, T. San Feliu, J. A. Calvo-Manzano, and I. D. Sanchez-Garcia, “Comparative study of cybersecurity capability maturity models,” in Proc. 17th Int. Conf. Software Process Improvement and Capability Determination (SPICE), Palma de Mallorca, Spain, Oct. 4–5, pp. 100–113, 2017.
SO.org, “ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements.” [Online]. Available: https://www.iso.org/standard/27001. [Accessed: 18-Oct-2025].
Türk Standardları Enstitüsü (TSE), “TS EN ISO/IEC 27001 Information Security Management System (Management Systems Certification).” [Online]. Available: https://www.tse.org.tr/bilgi-guvenligi-yonetim-sistemi-bgys-belgelendirmesi-ts-iso-iec-27001/. [Accessed: 18-Oct-2025].
T.C. Cumhurbaşkanlığı, “Bilgi ve İletişim Güvenliği Tedbirleri ile İlgili 2019/12 Sayılı Cumhurbaşkanlığı Genelgesi [Presidential Circular No. 2019/12 on Information and Communication Security Measures],” [Online]. Available: https://www.lexpera.com.tr/resmi-gazete/metin/bilgi-ve-iletisim-guvenligi-tedbirleri-ile-ilgili-2019-12-sayili-cumhurbaskanligi-genelgesi-30823-1. [Accessed: 18-Oct-2025]. [in Turkish]
T.C. Cumhurbaşkanlığı Dijital Dönüşüm Ofisi, “Bilgi ve İletişim Güvenliği Denetim Rehberi [Information and Communication Security Audit Guide],” [Online]. Available: https://ms.hmb.gov.tr/uploads/2021/12/BG_Denetim_Rehberi-1.pdf. [Accessed: 18-Eki-2025]. [in Turkish]
T.C. Ulaştırma ve Altyapı Bakanlığı, “Ulusal Siber Güvenlik Stratejisi ve Eylem Planı 2024-2028 [National Cybersecurity Strategy and Action Plan 2024–2028],” [Online]. Available: https://www.uab.gov.tr/uploads/pages/siber-guvenligin-yol-haritasi-yerli-ve-milli-tekno/ulusal-siber-guvenlik-stratejisi-2024-2028.pdf. [Accessed: 18-Oct-2025]. [in Turkish]
P. Formosa, M. Wilson, and D. Richards, “A principlist framework for cybersecurity ethics,” Computers & Security, vol. 109, Art. no. 102382, 2021.
I. Flechais and G. Chalhoub, “Practical cybersecurity ethics: mapping CyBOK to ethical concerns,” in Proc. 2023 New Security Paradigms Workshop (NSPW), pp. 62–75, Sep. 2023.
M. S. Nasir, H. Khan, A. Qureshi, A. Rafiq, and T. Rasheed, “Ethical aspects in cyber security: Maintaining data integrity and protection: A review,” Spectrum Eng. Sci., vol. 2, no. 3, pp. 420–454, 2024.
N. Al-Hashem and A. Saidi, “The psychological aspect of cybersecurity: understanding cyber threat perception and decision-making,” Int. J. Appl. Mach. Learn. Comput. Intell., vol. 13, no. 8, pp. 11–22, 2023.
A A. G. Navdeep and V. S. Muskan, “The role of ethics in developing secure cyber-security policies,” Tuijin Jishu J. Propuls. Technol., 2023.
S. Bıçakçı, F. D. Ergun, and M. Çelikpala, “Türkiye’de siber güvenlik [Cybersecurity in Türkiye],” Ekonomi ve Dış Politika Araştırma Merkezi (EDAM), Siber Politika Kağıtları Serisi, no. 1, pp. 1–35, 2015. [in Turkish]
Anadolu Ajansı, “E-Devlet Kapısı’ndan dijital altyapılarından veri sızıntısı iddialarına ilişkin açıklama [Statement on allegations of data leakage from e-Government Gateway digital infrastructures],” Anadolu Ajansı, 27-Oct-2021. [Online]. Available: https://www.aa.com.tr/tr/gundem/e-devlet-kapisindan-dijital-altyapilarindan-veri-sizintisi-iddialarina-iliskin-aciklama/. [Accessed: May-15-2025]. [in Turkish]
Ö. Kutlu and S. Kahraman, “An Analysis of Personal Data Protection Policy in Turkey,” Siyaset, Ekonomi ve Yönetim Araştırmaları Dergisi, vol. 5, no. 4, pp. 45–62, 2017.
H. Yeşilyurt, “Cyber Security Risks and Solutions in the Financial Services Sector: Payment Systems and Supply Chain Integrity,” Celal Bayar Univ. Sos. Bilimler Dergisi, vol. 13, no. 2, pp. 97–120, 2015.
H. Çakır and M. Taşer, “Evaluation of Cyber Security Activities and Training Studies in Turkey,” Gazi Univ. J. Sci. Part C: Design Technol., pp. 1–1, 2023.
İ. Avcı and M. Koca, “Cybersecurity attack detection model using machine-learning techniques,” Acta Polytech. Hung., vol. 20, no. 7, pp. 29–44, 2023.
Anadolu Ajansı, “TürkNet’ten siber saldırı açıklaması [TurkNet’s statement on cyberattack],” Anadolu Ajansı, Apr-15-2025. [Online]. Available: https://www.aa.com.tr/tr/bilim-teknoloji/turknetten-siber-saldiri-aciklamasi/3508607. [Accessed: 16-May-2025].
İ. Avcı, “Investigation of cyber-attack methods and measures in smart grids,” Sakarya Univ. J. Sci., vol. 25, no. 4, pp. 1049–1060, 2021.
B. Ren, Q. Zhang, J. Ren, S. Ye, and F. Yan, “A novel hybrid approach for water resources carrying capacity assessment by integrating fuzzy comprehensive evaluation and analytical hierarchy process methods with the cloud model,” Water, vol. 12, no. 11, p. 3241, 2020.

There are 38 citations in total.

Details

Primary Language	English
Subjects	Software Engineering (Other)
Journal Section	Research Article
Authors	Cevat Ozarpa 0000-0002-1195-2344 İsa Avcı 0000-0001-7032-8018 Yahya Zakrya Khan 0009-0006-7591-4247
Submission Date	July 3, 2025
Acceptance Date	November 2, 2025
Early Pub Date	December 11, 2025
Publication Date	December 29, 2025
Published in Issue	Year 2025 Volume: 8 Issue: 4

Cite

APA	Ozarpa, C., Avcı, İ., & Zakrya Khan, Y. (2025). A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. Sakarya University Journal of Computer and Information Sciences, 8(4), 740-761. https://doi.org/10.35377/saucis...1734132
AMA	Ozarpa C, Avcı İ, Zakrya Khan Y. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. December 2025;8(4):740-761. doi:10.35377/saucis.1734132
Chicago	Ozarpa, Cevat, İsa Avcı, and Yahya Zakrya Khan. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences 8, no. 4 (December 2025): 740-61. https://doi.org/10.35377/saucis. 1734132.
EndNote	Ozarpa C, Avcı İ, Zakrya Khan Y (December 1, 2025) A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. Sakarya University Journal of Computer and Information Sciences 8 4 740–761.
IEEE	C. Ozarpa, İ. Avcı, and Y. Zakrya Khan, “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”, SAUCIS, vol. 8, no. 4, pp. 740–761, 2025, doi: 10.35377/saucis...1734132.
ISNAD	Ozarpa, Cevat et al. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences 8/4 (December2025), 740-761. https://doi.org/10.35377/saucis. 1734132.
JAMA	Ozarpa C, Avcı İ, Zakrya Khan Y. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. 2025;8:740–761.
MLA	Ozarpa, Cevat et al. “A Novel Cybersecurity Ethical Maturity Model Based on AHP Method”. Sakarya University Journal of Computer and Information Sciences, vol. 8, no. 4, 2025, pp. 740-61, doi:10.35377/saucis. 1734132.
Vancouver	Ozarpa C, Avcı İ, Zakrya Khan Y. A Novel Cybersecurity Ethical Maturity Model Based on AHP Method. SAUCIS. 2025;8(4):740-61.

Article Files

Full Text

INDEXING & ABSTRACTING & ARCHIVING

29070 The papers in this journal are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License