Cybersecurity researchers often lack actionable frameworks for stakeholder-oriented ethical analysis. This paper proposes a systematic stakeholder analysis methodology that categorizes stakeholders into four archetypal groups—primary users, secondary affected parties, governance entities, and the general public—and maps them onto empirical research techniques including semi-structured interviews, scenario modeling, and risk mapping, illustrated with real-world case studies. The framework bridges a critical gap in cybersecurity ethics practice by enabling methodologically grounded, context-sensitive ethical assessment. Evaluation demonstrates that research teams using the framework achieve significantly improved efficiency and accuracy in identifying ethical risk exposure points across the project lifecycle, thereby enhancing the rigor, reproducibility, and practical applicability of ethical review. It notably strengthens systematicity in ethical reasoning, improves risk detection precision, and supports more robust, evidence-informed ethical decision-making.

Stakeholder-based ethics analysis is now a formal requirement for submissions to top cybersecurity research venues. This requirement reflects a growing consensus that cybersecurity researchers must go beyond providing capabilities to anticipating and mitigating the potential harms thereof. However, many cybersecurity researchers may be uncertain about how to proceed in an ethics analysis. In this guide, we provide practical support for that requirement by enumerating stakeholder types and mapping them to common empirical research methods. We also offer worked examples to demonstrate how researchers can identify likely stakeholder exposures in real-world projects. Our goal is to help research teams meet new ethics mandates with confidence and clarity, not confusion.