MODEL FOR ASSESSING THE ETHICAL MATURITY OF AN ORGANIZATION'S INFORMATION SECURITY SYSTEM

DOI: 10.31673/2412-4338.2025.038722

Authors

Abstract

This study presents a model for assessing the ethical maturity of an organization’s information security system, designed to integrate ethical principles into the processes of safeguarding information security. Drawing on the analysis of contemporary scientific research, which demonstrates that the majority of information security incidents are linked to employee actions, the study identifies the problem of evaluating the ethical maturity of information security systems and substantiates the necessity of considering the human factor. To address this issue, a mathematical model for assessing ethical maturity is proposed, grounded in a system of key performance indicators (KPIs) that reflect the level of implementation of ethical measures across organizational policies, procedures, and practices.

The methodological foundation of the model is the Analytic Hierarchy Process (AHP), which enables the determination of criterion weights through pairwise comparison matrices and ensures the consistency of expert judgments. To standardize the indicators, z-score normalization has been applied, allowing heterogeneous data to be transformed into a unified scale and integrated into a single Ethical Maturity Index. This index provides a quantifiable representation of the current state of an organization’s information security system in terms of ethical maturity.

The proposed model establishes a formalized relationship between ethical control points and the requirements of international standards. Its practical significance lies in its applicability as a tool for certification audit preparation, internal monitoring, and continuous improvement of information security management processes. The mathematical formalization ensures transparency in assessment, objectivity of results, and the possibility of quantitative comparison of organizations by their ethical maturity level. Furthermore, the model provides a systematic perspective on the internal incident process, emphasizing its stages and corresponding preventive measures.

In conclusion, the developed model bridges the scientific formalization of ethical aspects in information security with the practical demands of organizations to comply with international standards and mitigate risks arising from the internal human factor.

Keywords: information security, ethical maturity of cybersecurity systems, ethical maturity model, cyberethics, key performance indicators.
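The pipeline the abstract describes (AHP weights with a consistency check, z-score normalization, one aggregated index) can be sketched as follows. This is an added example, not the authors' code. Assumptions: weights come from the principal eigenvector, z-scores use the population standard deviation, the index is a weighted sum, and the function names, KPI choices and all sample values are constructed for illustration.

```python
import math
from statistics import mean, pstdev

# Saaty's random consistency index, keyed by matrix order.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

def ahp_weights(matrix, iterations=100):
    """Return (weights, consistency_ratio) for a reciprocal comparison matrix."""
    n = len(matrix)
    if any(not math.isclose(matrix[i][j] * matrix[j][i], 1.0)
           for i in range(n) for j in range(n)):
        raise ValueError("matrix is not reciprocal: a[i][j] * a[j][i] must be 1")
    w = [1.0 / n] * n
    for _ in range(iterations):  # power iteration towards the principal eigenvector
        v = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        w = [x / sum(v) for x in v]
    # Estimate lambda_max from (A w)_i / w_i, then CI and CR.
    lam = mean(sum(a * x for a, x in zip(row, w)) / w[i]
               for i, row in enumerate(matrix))
    cr = (lam - n) / (n - 1) / RANDOM_INDEX[n] if n > 2 else 0.0
    return w, cr

def z_scores(values):
    """Population z-scores; a KPI with no spread carries no signal."""
    mu, sigma = mean(values), pstdev(values)
    return [0.0 if sigma == 0 else (v - mu) / sigma for v in values]

def maturity_index(kpis, weights, higher_is_better):
    """kpis maps organization -> KPI values; returns organization -> index."""
    orgs = list(kpis)
    cols = []
    for k, good in enumerate(higher_is_better):
        z = z_scores([kpis[o][k] for o in orgs])
        cols.append(z if good else [-x for x in z])  # flip "lower is better" KPIs
    return {o: sum(w * cols[k][i] for k, w in enumerate(weights))
            for i, o in enumerate(orgs)}

# Constructed expert judgments: policies vs procedures vs practices.
PAIRWISE = [[1, 2, 6], [1 / 2, 1, 3], [1 / 6, 1 / 3, 1]]
# Constructed KPIs: training completion %, procedures with ethics review %,
# insider incidents per 100 staff (lower is better).
KPIS = {"org_a": [90, 70, 1], "org_b": [60, 50, 3], "org_c": [30, 30, 5]}

if __name__ == "__main__":
    weights, cr = ahp_weights(PAIRWISE)
    if cr > 0.10:  # Saaty's usual acceptance threshold
        raise SystemExit("expert judgments are inconsistent; revise the matrix")
    for org, score in maturity_index(KPIS, weights, [True, True, False]).items():
        print(f"{org}: {score:+.3f}")
```

Because z-scores are relative to the assessed group, the resulting index ranks organizations against each other; a score of zero means "at the group mean", not "no maturity".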

Published

2025-11-02

Issue

Section

Articles