You are here: Home Contents V13 N1 V13N1_Thomas.html
Personal tools

Ethical Issues of User Behavioral Analysis through Machine Learning



Full text

Journal of Information System Security
Volume 13, Number 1 (2017)
Pages 317
ISSN 1551-0123
Georg Thomas — Charles Sturt University, Australia
Patrick Duessel — University of Bonn, Germany
Michael Meier — University of Bonn, Germany
Information Institute Publishing, Washington DC, USA




Due to the ever-growing risk of data leakage and sabotage by internal employees, insider threat detection is receiving increasing attention. Solutions are typically asset-centric and rule-based, providing limited detection capabilities and significant maintenance efforts. Content-based anomaly detection over user behavior is an alternative, but raises ethical questions that need to be addressed before deployment. In this contribution, user-centric content-based behavioral anomaly detection utilizing four ethical dimensions reveals that it requires integration with the organization's data privacy organization, a binding code of conduct for administrative personnel, integration with the organization's security incident management and continuous oversight by management.





Workplace Moral Conduct, Data Leakage Risk Mitigation, Professional Integrity, A nomaly Detection, Content Features, Security, Insider Threat, Privilege Misuse




Al-Saggaf, Y., Burmeister, O. K., and Weckert, J. (2015). Reasons behind unethical behaviour in the Australian ICT workplace: An empirical investigation. Journal of Information, Communication & Ethics in Society, 13(3/4), 235-255.

Bernoth, M., Dietsch, E., Burmeister, O. K., and Schwartz, M. (2014). Information Management in Aged Care: Cases of Confidentiality and Elder Abuse. Journal of Business Ethics, 122, 453-460.

BeyondTrust. (2016). Retrieved from BeyondTrust:

Bowern, M., Burmeister, O. K., Gotterbarn, D., and Weckert, J. (2006). ICT Integrity: Bringing the ACS Code of Ethics up to date. Australasian Journal of Information Systems, 13(2), 168-181.

Burmeister, O. K. (2000). Applying the ACS code of ethics. Journal of Research and Practice in Information Technology, 32(2), 107-120.

Burmeister, O. K. (2013). Achieving the goal of a global computing code of ethics through an international-localisation hybrid. Ethical Space: The International Journal of Communication Ethics, 10(4), 25-32.

Burmeister, O. K., Islam, M. Z., Dayhew, M., and Crichton, M. (2015). Enhancing client welfare through better communication of private mental health data between rural service providers. Australasian Journal of Information Systems, 19, 1-14.

Burmeister, O. K., Phahlamohlaka, J., and Al-Saggaf, Y. (2014). National security governance exemplified by South Africa's cyber security policy implementation. Paper presented at the ETHICOMP 2014 Conference, Paris, France.

Burmeister, O. K., Phahlamohlaka, J., and Al-Saggaf, Y. (2015). Good Governance and Virtue in South Africa's Cyber Security Policy Implementation. International Journal of Cyber Warfare and Terrorism, 5(1).

Burmeister, O. K., Weckert, J., and Williamson, K. (2011). Seniors extend understanding of what constitutes universal values. Journal of Information, Communication & Ethics in Society, 9(4), 238-252

Cufaude, J. (1999). Creating organizational trust. Association Management, 51(7), 26-34.

DeCew, J. (1997). In pursuit of privacy: Law, ethics, and the rise of technology. Cornell University Press.

Dodig-Crnkovic, G. (2006). Privacy and Protection of Personal Integrity in the Working Place. Paper presented at the ZiF-Workshop "Privacy and Surveillance", University of Bielfeld, Germany.

Fawkes, J. (2014). "Trust Me, I'm a Professional", Public Relations Ethics and Professionalism: the shadow of excellence, 51-76. London and New York: Routledge.

Gotterbarn, D. (2001). Software Engineering Ethics. Encyclopedia of Software Engineering, 1-13.

Gotterbarn, D. (2016, 04 17). An evolution of computing's codes of ethics and professional conduct. Retrieved from

Hassan, M., Toylan, N., Semerciöz, F., and Aksel, I. (2012). Interpersonal Trust and Its Role in Organizations. International Business Research, 5(8), 33-39.

Hitt, W. D. (1990). Ethics and leadership. Columbus, OH: Batelle.

IBM. (2015). IBM 2015 Cyber Security Intelligence Index.

IBM. (2016). Data security and protection. Retrieved from

Ismail Al-Alawi, A., Yousif Al-Marzooqi, N., and Fraidoon Mohammed, Y. (2007). Organizational culture and knowledge sharing: critical success factors. Journal of Knowledge Management, 11(2), 22-24.

Laudon, K. C. (1995). Ethical concepts and information technology. Communications of the ACM, 38(12), 33-39.

Leslie, C., Eskin, E., and Noble, W. (2002). The spectrum kernel: a string kernel for SVM protein classification. Proceedings of the Symposium of Biocomputing, 564-572.

Levesque, M. A., Bédard, Y., Gervais, M., and Devillers, R. (2007). Towards managing the risks of data misuse for spatial datacubes. Proceedings of the 5th International Symposium on Spatial Data Quality, 13-15.

Personam. (2015). Personam Insider Threat Detection - How it works. Retrieved from Personam:

Professional. (n.d.). Retrieved from Protection of personal data. (n.d.). Retrieved from European Commission:

Redhat. (2016). Redhat - Customer Portal. Retrieved from

Rieck, K., and Laskov, P. (2008). Linear-Time Computation of Similarity Measures for Sequential Data. Journal of Machine Learning Research 9, 23-48.

Schwartz, P. M. (2011). Privacy, ethics and analytics. IEEE Security & Privacy, 3(9), 66-69.

Senarathna, I., Yeoh, W., Warren, M., and Salzman, S. (2016). Security and Privacy Concerns for Australian SMEs Cloud Adoption: Empirical Study of Metropolitan Vs Regional SMEs. Australasian Journal of Information Systems, 20.

Shaw-Taylor, J., and Christianini, N. (2004). Kernel Methods for Pattern Analysis. Camebridge University Press.

Simpson, C., Nevile, L., and Burmeister, O. K. (2003). Doing Ethics: A Universal Technique in an Accessibility Context. Australasian Journal of Information Systems, 10(2).

Stackexchange. (2016, 04 11). Retrieved from How to automatically record all your terminal sessions with script utility: ttp://

Survey reveals scandal of snooping IT staff. (2008). Software World, 39(4), 24.

Teipel, S., Babiloni, C., Hoey, J., Kaye, J., Kirste, T., and Burmeister, O. K. (2016). Information and communication technology solutions for outdoor navigation in dementia. Alzheimer's & Dementia: The Journal of the Alzheimer's Association, 1-13.

Thomas, G. A. (2016). Hacking the terror suspect's iPhone: what the FBI can do now Apple says 'no'. Retrieved from The Conversation:

Thomson, A. J., and Schmoldt, D. L. (2001). Ethics in computer software design and development. Computers and Electronics in Agriculture, 30(1), 85-102.

Tutzauer, C. (n.d.). The Role of Trust in the Successful Implementation of Information Systems. Retrieved from Academia:

Verizon. (2015). 2015 Data Breach Investigations Report. Verizon.

Warren, S., and Brandeis, L. (1890). The right to privacy. Harvard Law Review, 1 93-220.

Weckert, J. (2005). On-line trust. In R. Cavalier (Ed.), The Impact of the Internet on Our Moral Lives (pp. 95-117). Albany, NY: SUNY Press.