Chapter 3 outline
abhilash tati
chapter3outline_v10.pdf
Chapter III Outline: Methodology
Ransomware has emerged as one of the most severe dangers to enterprises' routine
commercial operations. Healthcare institutions are particularly vulnerable to ransomware attacks
due to the limits imposed by time constraints and limited resources. This chapter summarizes the
study's research methodologies. It describes the individuals, their characteristics, and how they
were selected. This chapter is organized into different sections: section 1 is the introduction,
section two the research design, section 3 population and sample, section 4 materials and
instrumentation, section 5 variables and operational definitions, section 6 data collection and
statistical analyses, section 7 Limitations, section 8 delimitations, and section 9 ethical assurances.
Research Design
This study seeks to understand the impact of ransomware in healthcare by conducting
surveys using Survey Monkey. This study used a quantitative research paradigm, including online
surveys, as detailed later in the chapter. Leedy (1993) refers to quantitative research as the
experience of others and offers the most significant evidence. It aims to understand people's worlds
from their perspective. The primary data collection method used in this research is surveys
obtained from Survey Monkey having conducted the study. Through the surveys, the researcher
can appropriate the usefulness of the information in analyzing the impact of ransomware attacks on
healthcare. Survey as a means of data collection was more appropriate than other methods such as
probability sampling because it had more precision according to the research paradigm.
Steps followed in the research design include:
1. Theory. This signified the deductive approach that the research would take
2. Hypothesis. This step involved outlining the hypotheses and testing them
3. Research design. This step involved selecting an appropriate research design
4. Operationalizing concepts. This step involved devising the research concepts
5. Selecting a research site. This step involved choosing the setting for the research
6. Selecting respondents. Identifying the population and the respondents in the study.
7. Data collection
8. Process of data. Identifying variables and classifying them.
9. Analysis
Construct Item Hypothesis Habit (1) Habit2(Complying with
information security policies is something I do automatically) Habit3(Complying with information security policies is something I do without having to remember to do so consciously.) Habit4(Complying with information security policies is something that makes me feel weird if I do not do it) Habit7(Complying with information security policies is something that belongs to my (daily, weekly, monthly) routine) Habit8(complying with information security policies is something I start doing before I realize I'm doing it)
Habit positively influences perceived severity.
Intention (2) Int1(What is the chance that you would do what [the scenario character] did in the described Scenario?) Int2(I would act the same way as [the scenario character] did if I were in the same situation.)
Vulnerability positively affects employees' intention to comply with IS security policies.
Perceived severity (3) PerceivedSev1(An information security breach in my organization would be a severe
Perceived severity positively affects employees' intention to comply with IS security
problem for me) PerceivedSev3(If I did what [the scenario character] did, there would be severe information security problems for my organization)
policies.
Response efficacy (4) ResponseEfficacy1(Complying with information security policies in our organization keep IS security breaches down) ResponseEfficacy2(If I comply with information security policies, IS security breaches are scarce.) ResponseEfficacy3(Careful compliance with IS security policies helps avoid security problems.)
Response efficacy positively affects employees' intention to comply with IS security policies.
Response cost (5) ResponseCost4(Complying with information security policies inconveniences my work) ResponseCost5((There are too many overheads associated with complying with information security policies) ResponseCost6(Complying with information security policies would require a considerable investment of effort other than time)
Response cost negatively affects employees' intention to comply with IS security policies.
Rewards (6) Reward1(If I did what [the scenario character] did, I would save time.) Reward2(If I did what [the scenario character] did, I would save work time) Reward3(Non-compliance with the information security policies saves work time)
Rewards negatively affect employees' intention (dependent variable) to comply with IS security policies
Self-efficacy (7) Self Efficay1(I can comply with information security policies by myself.) Self Efficay2(Doing the opposite of what the [scenario
Self-efficacy positively affects employees' intention to comply with IS security policies.
character] did would be difficult for me to do) Self Efficay3(Doing the opposite of what the [scenario character] did would be easy for me to do.)
Perceived vulnerability (8) PerceivedVuln2(My organization could be subjected to an information security threat if I did what [the scenario character] did) PerceivedVuln3(An information security problem could occur if I did what [the scenario character] did.)
Vulnerability positively affects employees' intention to comply with IS security policies.
Population and Sample
The participants consisted of healthcare facilities, government entities, and healthcare
professionals. The population will be sampled randomly from a pool of 1000 individuals and
entities out of the possible 329.5 million (United states population) because of their specialization
and training on healthcare ransomware. The characteristics of the sample included both medium
and small enterprises with a total number of 118 people working for the organizations, including
nurses, doctors, and IT staff. The population was deemed relevant because of the day-to-day
interactions of healthcare professionals with medical devices. The characteristics of the
respondents include age, level of education, economic status, and gender.
Materials and Instrumentation
When feasible, all items were altered from previously validated instruments to meet the
needs of the participants. All the survey responses were rated on a Likert scale ranging from 0 to
10. The composite measures for deterrence constructs were calculated to create a sanction measure
that reflected both the risk and the cost of perceived punishment. This was accomplished by
multiplying each severity measure by the certainty measure associated with the deterrence
construct. It also utilized observations of healthcare facilities as participants reported their
experiences. All the studies and surveys were conducted using SurveyMonkey as a tool. The
survey was adapted using Likert scale to show only the most relevant responses from the IT
manages and the medical professionals. The IT manages will have to implement two factor
authentication system in medical gadgets to combat the issue of ransomware. The survey is also
adapted to show the level of awareness on healthcare ransomware and the available strategies used
to combat the issue.
Variables and Operational Definitions
Hypotheses
H0: Habit influences perceived severity.
H1: Habit does not influence perceived severity
H0: Vulnerability does not affect employees' intention to comply with IS security policies.
H1: Vulnerability positively affects employees' intention to comply with IS security policies.
H0: Perceived severity does not affect employees' intention to comply with IS security policies.
H1: Perceived severity positively affects employees' intention to comply with IS security policies.
H0: Response efficacy does not affect employees' intention to comply with IS security policies.
H1: Response efficacy positively affects employees' intention to comply with IS security policies.
H0: Response cost does not affect employees' intention to comply with IS security policies.
H1: Response cost negatively affects employees' intention to comply with IS security policies.
H0: Rewards does not affect employees' intention to comply with IS security policies
H1: Rewards negatively affect employees' intention to comply with IS security policies
H0: Self-efficacy does not affect employees' intention to comply with IS security policies.
H1: Self-efficacy positively affects employees' intention to comply with IS security policies.
H0: Vulnerability does not affect employees' intention to comply with IS security policies.
Variables
H1: Vulnerability positively affects employees' intention to comply with IS security policies.
Variables
Two dependent variables were used is Scenario and intention. The inclusion of intention as
a dependent variable is congruent with PMT, as the behavioral intention has always been used to
assess protective motive in research. About this item, the answer scale went from 0 (no chance at
all) to 10 (100 percent chance). An additional single-item measure, which asked respondents to
judge the realism of a specific scenario, was included alongside questions evaluating latent
components. On a scale of 0 to 10, the credibility of this item ranged from 0 to 10.
Table 1
Summary of Variables
Variable Type LoM Values Data source
Intention Dependent Interval 0-50 units Survey
Scenario Independent-1 Interval 1-10 units Secondary data
Realism Independent-2 Nominal 0 = left
1 = right
Secondary data
Gender Independent 3 Nominal Secondary data
Note: LoM = level of measurement, DV = dependent variable, IV = independent variable.
Data Collection and Statistical Analysis
This report was created using data from an American municipal organization. Because
realism is a fundamental concern with the scenarios approach, we chose a single organization to
guarantee that the events were realistic and contextually relevant for the people who answered. As
a result, the target audience comprised the whole organization's clerical and administrative staff.
This particular business was picked due to its compliance with information security standards
inside its IT architecture. Furthermore, the equipment was physically placed at a university to
ensure respondents' secrecy further. With the model in hand, we tested its performance against
three control variables: gender, scenario type, and the perceived realism of the Scenario. In this
section, we added the scenario type since we allocated different situations to participants in a
random manner.
Assumptions
Awareness of the impact of ransomware attacks on healthcare data and other facilities is
inadequate among healthcare professionals.
Limitations
Our study had typical limitations. First, the data was obtained from one organization,
including biases unique to the sample. Therefore, care should be taken in generalizing findings to
other organizations. Second, the administrative and clerical workers at the organization we
sampled were predominantly female. Although our tests did not find any difference in the
compliance based on gender, it is essential in other IT contexts. Third, our study was limited in its
use of intention as the dependent variable. Measures of intention are widely accepted as needed,
especially in criminological research; there is also strong evidence of a strong relationship
between intention and actual behavior Delimitations
Ethical Assurances
The goal of the study was outlined before issuing out the survey. Following that, subjects
received information outlining the study's objectives in further detail. They were assured of secrecy
and anonymity and advised that participation in the study was entirely voluntary and that they
might leave at any time without incurring any negative consequences. They were then asked to
sign a consent form indicating that they had read and comprehended the information presented to
them. Digital Consent was acquired to ensure that the survey was done willingly.
CONCLUSION
This chapter discusses the technique employed in this study. A description of qualitative research
as a data collecting and analysis technique. This chapter explained the procedures used to obtain
the data and offered information about the sample.
REFERENCES
Hewitt, B., Dolezel, D., & McLeod Jr, A. (2017). Mobile device security: Perspectives of future
healthcare workers. Perspectives in health information management, 14(Winter).
Janwadkar, S., & Dhavse, R. (2021). Qualitative and quantitative analysis of parallel-prefix adders.
In Advances in VLSI and Embedded Systems (pp. 71-88). Springer, Singapore.
Liu, Y., Yang, L., & Jiang, W. (2020). Qualitative and quantitative analysis of the relationship
between water pollution and economic growth: a case study in Nansi Lake catchment,
China. Environmental Science and Pollution Research, 27(4), 4008-4020.
Liang, H., & Xue, Y. L. (2010). Understanding security behaviors in personal computer usage: A
threat avoidance perspective. Journal of the association for information systems, 11(7), 1.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from
habit and protection motivation theory. Information & Management, 49(3-4), 190-198.
