Cybersecurity policy makers and enforcers face ethical dilemmas that cover behavior and scope. The behavior of human professionals and organizations, as well as the scope of their actions and investigations, pose a challenge when determining the rights an individual or an organization may have. Organizations have the right to monitor information within their company but policy must dictate what extent/scope is appropriate (Philip, 2002).

Going beyond legality, policy must be ethical. The Computer Ethics Institute created a Ten Commandments of Computer Ethics because the landscape of computer users demanded one as it evolved. These commandments cover behavior and use of others’ resources/property (Barquin). Cyber behavior can be seen differently than real world behavior and ethics must be enforced by the computer user community. Beyond that, ethics must be considered by policy makers.

These dilemmas can be resolved by breaking down various areas and the role of cybersecurity within them. Policy makers must take into account use in/by professional organizations, their operations, and employees (Shinder, 2005).  Investigating and punishing computer crime falls into challenges of attribution and jurisdictions. Ethics can be challenged with privacy and anonymity rights, along with freedom of information, and fair information practices. Other challenges include intellectual property rights and their use or abuse. Understanding and redefining policy as technology, data collecting, and use evolves will help resolve some of these dilemmas (Herold, 2015).


Barquin, R. C. (n.d.). Ten Commandments Computer Ethics Institute. Retrieved from

Herold, R. (2015). Introduction to Computer Ethics. Retrieved from

Philip, A. R. (2002, July 15). The Legal System and Ethics in Information Security. Retrieved from

Shinder, D. (2005, August 02). Ethical issues for IT security professionals. Retrieved from