A Guide to Stakeholder Analysis for Cybersecurity Researchers

TL;DR

This paper provides practical guidance for cybersecurity researchers on conducting stakeholder analysis to meet ethics requirements, including stakeholder identification, mapping to research methods, and real-world examples.

Contribution

It introduces a structured approach to stakeholder analysis in cybersecurity research, linking stakeholder types to empirical methods and offering illustrative examples.

Findings

Stakeholder types can be systematically identified in cybersecurity research.

Mapping stakeholders to research methods clarifies ethical analysis processes.

Worked examples demonstrate practical application in real projects.

Abstract

Stakeholder-based ethics analysis is now a formal requirement for submissions to top cybersecurity research venues. This requirement reflects a growing consensus that cybersecurity researchers must go beyond providing capabilities to anticipating and mitigating the potential harms thereof. However, many cybersecurity researchers may be uncertain about how to proceed in an ethics analysis. In this guide, we provide practical support for that requirement by enumerating stakeholder types and mapping them to common empirical research methods. We also offer worked examples to demonstrate how researchers can identify likely stakeholder exposures in real-world projects. Our goal is to help research teams meet new ethics mandates with confidence and clarity, not confusion.