¶ … Justifying Research Methods and Design
Insider threats are one of the primary sources of risk to an enterprise network and to intellectual property. For decades, the internet security realm has been rather narrowly focused on pre-empting insider threats by mean of sophisticated architecture and conventional login identification barriers. More recently, internet communications and technology (ICT) experts have taken an active position by using technological capacity to identify risk patterns, and devising systems to address insider threat when and where it is most likely to happen -- before it happens. In other words, rather than just taking a technological approach to the problem of insider threats, professionals with expertise in internet security dovetail sociological and psychological knowledge with technological knowhow The research in socio-technical methods for mitigating insider threat to enterprises hold profound promise for effective and agile solutions to a pervasive, expensive, and fluid problem.
A socio-technical approach to assessing, understanding, and mitigating insider threats capitalizes on expert knowledge about vulnerabilities and potential effective solutions. A malicious insider threat to an enterprise occurs when former or current personnel, contractors, or other types of business partners (who had or currently have authorized access to the data, network, or system belonging to an enterprise), and who intentionally misuse or exceed the access in such a way as to bring negative impact on the enterprise with regard to the integrity, trustworthiness, access / availability, or confidentiality of the company's organization and its information systems. The definition is a long one, but it clearly spells out the critical components: (1) Access to a system has been appropriately granted; (2) a trust relationship is maintained, which typically means that safeguards are static and security is often lowered as staff become complacent; (3) the work situation enables inappropriate or illegal use; and (4) the business enterprise suffers or is in danger of suffering damage due to the misuse of information.
Some of the most robust research in the internet systems security literature has utilized architectural patterns in a systems approach to develop models to address insider threats. A systems dynamics approach to permits researchers to simulate and analyze the architectural patterns associated with the threats, and to do so outside of the operational system of an enterprise (Mundie & Moore, 2012; Moore, et al., 2011; Moore, et al., 2012). The purpose of studying the patterns is to develop mitigation strategies for insider threats that are operationally valid and are scientifically derived (Burstein, 2008; Eysenck, 2004).). In order to develop these mitigation strategies, this author proposes a comprehensive research approach that incorporates both qualitative and quantitative methods in what is commonly referred to as a mixed methods approach.
A mixed methods approach is appropriate when researchers are not sure about what theories should guide their research, or what variables to measure, or even what questions to ask (Creswell, 2011). A novel line of research may establish this research predicament (Creswell, 2011). In order to address the first research question that is focused on identifying the specific risk that firms face from insider threats in cloud computing situations, a qualitative approach will be used in the form of a Delphi survey (Creswell, 2011). The first research question emphasizes a thorough inquiry into the types of specific insider threats rather than an actual frequency count of cyber attacks or cyber events. To quantitative inquiry will address the second research question that is focused on the cost assessment of risk (Creswell, 2011).
Research Question #1: What specific risks do companies face from insider threats in cloud computing situations?
The qualitative component of the research approach utilizes a Delphi approach for accessing the expert opinion of professional "sentries" and "protectors" of enterprise networks. The Delphi survey method has been used by a number of cybersecurity researchers to explore issues related to insider threats. (Catrantzos, 2009; Moore, 2011; Skulmoski, 2007). The Delphi method is an iterative approach to gathering information that relies on anonymous input from experts. Each expert selected for a Delphi survey panel needs to have substantive experience and exposure to the management or investigation of insider threats. Catrantzos (2009) used the Delphi method to test proposed cybersecurity techniques by assembling a panel of cybersecurity experts to review and critique the security methods. Catrantzos recruited dozens of experts -- including investigators, experienced defenders, and line managers -- across different disciplines and from different organizations. Moore, et al. (2012) used the Delphi approach as a complementary approach to an extensive mixed-methods research in the area of insider threats.
The rationale...
Understanding the Value of Qualitative Research Qualitative researchers have a number of different research strategies available to them, including case studies, phenomenology, grounded theory and ethnography. Each of these research strategies has its respective strengths and weaknesses, but ethnography in particular represents a special challenge since it seeks to learn more about a group of people from the perspective of an insider. The purpose of this paper is to provide a
Marketing Canon: Approaches Based on Principles for Influencing Decision Making in Firms Operating in several geographical locations, quite a number of firms have many product lines, which many marketing scholars believe are ever confronted by myriad dilemmas. To facilitate consistent decision-making processes, it is vital for the firms to come up with overall but common marketing strategies while at the same time, it is very essential for firms to permit
It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to
Dissertation ManuscriptBySedric K. MorganGeopolitical Awareness and Understanding of the Current Monetary Policies: A Quantitative Study� Northcentral University, 2019 Comment by Author: Sedric � NOTE: take a look at the Turnitin Analysis report. Consider the areas that are closely related to student paper(s) from University of Maryland. I highly suspect this is a matter of improper paraphrasing (by you as well as these other student(s)). The areas are sourced and the
HOW EARLY EFFORTSAT DEVELOPINGA COUNTERINTELLIGENCEPROGRAMINTHE 1950s AND 1960s INFLUENCED CURRENT USCOUNTERINTELLIGENCE POLICIESA Master ThesisSubmitted to the FacultyofAmerican Public University SystembyAlexgardo OrriolaIn Partial Fulfillment of theRequirement for the DegreeofMaster of ArtsAugust 2020American Public University SystemCharles Town, WVviTheauthorhereby grantsthe American PublicUniversity System the right todisplay these contentsfor educational purposes.Theauthorassumestotalresponsibility formeetingthe requirementsset by UnitedStates copyrightlawfor the inclusionofany materialsthatare not the author�screation or in the public domain.� Copyright2020by Alexgardo OrriolaAll rights reserved.DEDICATIONI dedicate thisthesisto
CI FinalAbstractThis thesis describes the need for an ethical standard in counterintelligence (CI) so as to facilitate collaboration among the various CI agencies and the private sector. It conducts an analysis of the formation of the counterintelligence program under Angleton, the use of CI within the Federal Bureau of Narcotics under Anslinger, and the use of CI in the Phoenix Program and the FBI�s COINTELPRO. This analysis is used to
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now