A Web Based Employees’ Cyber Security Ethical Behavior Assessment (ECEBA) Model for Ugandan Commercial Banks

Abstract

Purpose: Despite the existence of Cyber Security technical controls, checklists, and formal procedures in the banks; there exists no employees’ assessment tool for Cyber Security ethical behavior. This research presents the creation of such a tool. This research aimed at enhancing Cyber Security by developing a Cyber-Security Ethical Behavior Assessment (ECEBA) model. Methodology: ECEBA model was used as an experimentation instrument for the development of a web-based application (ETHICA) for assessing Cyber Security ethical behavior. Unified Modelling Language (UML) was used. The ECEBA model followed the reuse concept by customizing the 3-tier architecture of the web application development. The front end interface was done using HTML5 to design the web interfaces of the ETHICA Application. To style the interfaces, CSS3 was used. Then JavaScript was used as a client side script to validate the data before submitting it to the server. AJAX a JavaScript library was used to allow submission and loading of data. Bootstrap was used to achieve responsiveness of the user interfaces. XAMPP a local MySQL server was used to host the database and the system files. Object Oriented PHP was used to act as a GUI to manage data communication between the server and interfaces. PHP Data Object driver class was used to achieve this. SQL was used to write the queries purposely to perform data processing on the server. Findings: The ECEBA model was developed. Deployed to the internet via URL http://Cybersecurity.groxels.com. It guided the design of ETHICA Application. Recommendation: Ethical behavior questions based on virtue ethical theory, Theory of Planned Behavior (TPB) and Ethical climate theory are fed into the ETHICA Application. This provides a platform for managers in assessing those individuals who may present Cyber security unethical behavior. Banks should give employees opportunity to assess themselves. Banks to use the model in conducting Employee pre-hire screening and periodic assessments of current employees. Banks should integrate the model with other cyber security controls for better ethical decision making & planning.