Mock Dissertation Chapter Three Methodology

Chapter III: Methodology
As observed in recent years, large organizations are facing multiple data breaches from hackers who are trying to steal sensitive information. With the increase in technology, attackers with malicious intent are finding advanced methods to breach into the organization or even simple by exploiting known risks that could have been avoided by the organization by updating their systems on a regular basis (Alawneh, 2008). The most recent breach that we all were aware off was the Equifax data breach where it was reported that millions of its customers personal identifiable information (PII) were stolen, information such as social security number , an individual’s name, financial record, driver’s license number, etcetera.. The purpose of this paper is to how organizations can protect themselves from data breaches. What are the ways in which their data can be exposed and does employee awareness will help organizations protect themselves from being attacked from various sources?

Design of the study:
The data collected in this paper was a mixed approach. The collected data was both qualitative and quantitative in nature. The researcher developed a questionnaire containing both open-ended and close-ended questions and all of this was administered through LimeSurvey. And most of the participants response was recorded when they were trying to explain their understanding of a breach and how data leaks can be classified into intentional threats and inadvertent threats as these recording were transliterated for further analysis using otter A.I. And each session from the participant lasted from 45 – 90 minutes depending on the tasks being performed.

Data collection and participants:
All the participants involved in the sessions have worked or currently working in financial organizations. Participants read and signed a consent form explaining the purpose of the research and were given the option to skip a question if they feel uncomfortable in answering a question. Participants were recruited through ads from social media and from known contacts whose education and work experience are related to the study that was being conducted. There were around 50 participants in total, 30 males and 20 females, they ranged in age from 24 – 57. When asked about data breaches and do they know who their organizations protect itself from data breaches as part of employee awareness, 40 said yes and 10 said no. And when asked about taking or participating in any data security training conducted by the organizations, 35 said yes and 15 said no. And when asked about recording their answers on a device 45 said yes and 5 said no, For the 5, we noted down their answers on a paper with their consent.

Data analysis and Sampling procedures:
The participants responses were addressed in two sections which are quantitative and qualitative. When analyzing the qualitative data from the questionnaire we conducted a thematic analysis in order to better analyze the participants response to the open-ended questions (Namey, 2012). The researcher was mostly focused on finding a pattern, a trend or an similar ideas that will help in outlining the analysis. The researcher developed some code to identify similar themes and patterns. Then started to build an initial summary or view of these codes to identify the patterns in which the participants talked about how insider threats and data breaches and their choice of words and simultaneously looking for the alternative where they had different views/insights on a data breach. The top-level codes were associated with our research questions as they were primarily focused on (1) How many years have you been working in financial sector? (2) What are some the standard security measures that are in place? (3) How does your organization handle data breaches? (4) What are the consequences of a data breach? (5) How do you as an employee protect yourself from being a victim of a data breach? Several subcategories were created based on the response from the participants but note that the above are all high-level categories which are all clustered. Analysis were also conducted on the questionnaire or the survey whereby aggregating the score from positive minus to the negative ones. Each response to the question were scored 1 – 5 where 1 is always 5 is never and 3 is sometimes.

References:
 Julisch K, Dacier M (2002). Mining intrusion detection alarms for actionable knowledge. In: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining
Alawneh M, Abbadi IM (2008). Preventing information leakage between collaborating organisations. In: Proceedings of the 10th International Conference on Electronic Commerce , ICEC.
Identity theft resource center (2019). Retrieved from https://www.idtheftcenter.org/ data-breaches/. Accessed: 2019-04-1.
Namey E. Guest G., MacQueen K. M (2012). Introduction to Applied Thematic Analysis. Applied Thematic Analysis. SAGE Publications.