View
632
Download
30
Category
Tags:
Preview:
Citation preview
Research Methodology
METHODOLOGYSOLUTION
Research Methodology
PROBLEM
Research Methodology
• Structured way that you are going to follow for the problem that you are going to address
• Process that takes FROM problem TO proposed solution
• Need some proof that this solution can indeed meet the specified objectives
• One methodology – may have a number of research methods
Research Methods– literature surveys– surveys– case studies– models– prototypes– experiments– mathematical proofs– algorithms– simulations– arguments
Literature Survey (Study / Review)
Anderson, A.M. (1991). Comparing risk analysis methodologies. Proceedings of the IFIP TC11 Seventh International Conference on Information Security (pp. 301-311). North Holland, New York, NY, Amsterdam.
Baccarini, D., Salm, G., & Love, P.E.D. (2004). Management of risks in information technology
projects. Industrial Management & Data Systems, 104(4), 286 - 295. Emerald Group Publishing Limited.
Babbie, E. (1992). The practice of social research (6th ed.). Belmont, CA:Wadsworth. Baldwin, R., Scott, C., & Hood, C. (1998). Introduction. In R. Baldwin, C. Scott & C. Hood (Eds.),
Reader on Regulation. Oxford: Oxford University Press. Bandyopadhyay, K., Mykytyn, P.P., & Mykytyn, K. (1999). A framework for integrated risk
management in information technology. Management Decision, 37(5), 437-444. MCB Press. Barton, T.L., Shenkir, W.G., & Walker, P.L. (2002). Making Enterprise RISK MANAGEMENT Pay
Off. Financial Times – Prentice Hall: New Jersey
Survey
Research Methods– literature surveys– surveys– case studies– models– prototypes– experiments– mathematical proofs– algorithms– simulations– arguments
Model
Gathering of Information
Questionnaires
Process & Compare
Current Security
Required Security
Management Awareness
Graphical Reports of Security State
Information Security Controls
per Legal Aspect
produced byLegal Compliance Analysis
Legal Compliance Questionnaire
Legal Requirements
%
Legal Aspects
Legal Matrix
ISO
17799
Legal Aspects
Prototype
Research Methods– literature surveys– surveys– case studies– models– prototypes– experiments– mathematical proofs– algorithms– simulations– arguments
PROJECT SPECIFICATIONName of candidate
Name of supervisor (if known) OR research group
Proposed title of project / topicDescription of problem area
Problem statement (& research questions)
Project goals, objectives and rationale
Development specifications (if applicable)
Examples
• 1 - 5
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1Methodology
The project will start with a detailed general literature survey to determine the current international trends. Relevant information that has been published previously will be investigated.
This will be followed by a focussed literature survey to determine topics that are included in current programmes. Along with this, an industry investigation will be done to determine topics included in company programmes that are known for sound information security. Based on the above, a questionnaire will be drafted and forwarded to a number of South African companies. The objective of this questionnaire will be to determine the topics to be included in a generic programme, as well as the level of detail in them.
Having analysed the results of the questionnaire, the common content of a generic information security awareness programme will be argued.
Example 1 – continued …• Detailed general literature survey
– To establish what has been done in this area
• Focused literature survey (specific)– Zoom in
• Investigation– Case study
• Questionnaire– Survey
• Analysis– Analyse results of survey
• Argumentation (reasoning)– Build your argument (express & motivate your reasoning)
Summary
• RESEARCH– Based on facts
• RESEARCH METHODOLOGY– Must be in line with your research philosophy – Research philosophy = area/paradigm in
which you conduct your research
Recommended