Ethical responses to organisational ICT codes of conduct
The cybersecurity laws, regulations, policies, and processes are implemented to reduce risks and/or threats to the organisations or universities. The information and communication technology (ICT) codes of conduct are the ICT policies to protect its infrastructure that are imposed and signed by the individuals, including students before the commencement of enrolment. Individuals can, however ignore, circumvent, or act contrary to the policies provided, which can pose significant cybersecurity risks. This can be due to lack of awareness of possible consequences of such contraventions, but also due to lack of sensitivity to the ethical principles underpinning such codes. Therefore, there is a need to understand why users are not compliant with ICT codes of conduct and how to change their behaviour so that they act ethically and in accordance with ICT codes. We have designed a between-subjects experiment involving students’ responses to 5 scenario-pairs (breach/non-breach) based on university’s ICT policy following awareness training on ethical principles or acceptable use of IT to understand the potential value of training. Furthermore, we profile students to capture their moral stance and their compliance towards university’s ICT policy. We conclude that with this we can create awareness amongst students to benefit them and their university.