Chapter 3 update

profilerahkon
RahkonRossChapterThree-ChairReview1-2.docx

8

Dissertation Proposal and Dissertation Manuscript

Template and Guide

This cover page and template instructional content should be removed before drafting chapters. Keep the template instructions in a separate location for ongoing reference as you develop chapter content within the manuscript format.

Instructions for how to use this template and guide:

· Type directly into the template at "Begin writing here..." or "Text…". Doing so should help to ensure the document is properly formatted.

· Use reminders in the comments relating to formatting as well as helpful tips for guidance purposes. Additionally, in each main section, use the checklist relating to content, so you know what to include before you begin to organize your thoughts. Refer to the checklist continuously as you develop each section. As you self-evaluate each section, you can actually check off each box by clicking on it to ensure you have met all the requirements. Please note these lists are resources and not meant to be exhaustive, as it is impossible to cover the details of every method and design.

· The length of a section can vary unless a guideline is provided.

· Once you have developed each section, refer to the comments and checklists one last time to be sure the section matches them as discussed with your Chair, then delete them.

· To delete a comment, right click on the comment, then select "Delete Comment.". For additional strategies and guidance, click here.

Version: October 2020

© Northcentral University, 2020 Comment by Northcentral University: Ensure every section in the document meets the following requirements: ☐ Use 12-point and Times New Roman font. ☐ Write in the future tense when referencing the proposed study in the dissertation proposal. Write in the past tense when referencing the completed study in the dissertation manuscript. ☐ Use economy of expression to present information as succinctly as possible without oversimplifying or losing the meaning. ☐ Avoid personal opinions and claims. ☐ Support all claims in the document with recent, scholarly, peer-reviewed sources published within 5 years of when the dissertation will be completed, unless they are seminal sources or no other literature exists. For additional information and guidance relating to scholarly and peer-reviewed sources, click here. ☐ Avoid anthropomorphism (i.e., giving human qualities to inanimate objects) such as “The article claims…”, “The study found…,”, or “The research explored…”. ☐ Clearly and precisely define key words upon their first use only.

Title of the Dissertation Comment by Northcentral University: With the exception of articles and prepositions, the first letter of each word should be capitalized. The title should be two single spaces (one double space) from the top of the page. In 10-15 words, it should indicate the contents of the study. The title should be bold. The title page should include no page number, so please recheck pagination once the template cover page has been removed.

Dissertation Proposal

Submitted to Northcentral University

School of Business Administration

in Partial Fulfillment of the

Requirements for the Degree of

DOCTOR OF MANAGEMENT INFORMATION SYSTEMS

by

La Jolla, California

October 2021

Abstract Comment by Northcentral University: The abstract should be included in the dissertation manuscript only. It should not be included in the dissertation proposal. The word Abstract should be centered, bolded, and begin on its own page.

Begin Small business owners face multiple cybersecurity threats, and ransomware is one of them. It denies small business owners access to their data in exchange for a specific payment. The purpose of this qualitative case study is to better understand the impediments to the application of ransomware-specific preventative, detective, and corrective controls by small business owners. The leaders and managers working in small businesses can benefit from applying specific strategies and themes to prevent victimization. It will bring a positive change in society by supporting the local economy and reducing the spread of ransomware to protect sensitive and confidential consumer data. Comment by Northcentral University: The text should be left-justified (not indented) and double-spaced with no breaks.

Acknowledgments Comment by Northcentral University: You may include an optional acknowledgements page in normal paragraph format in the dissertation manuscript. Do not include such a page in the dissertation proposal. The word Acknowledgements should be centered, bolded, and begin on its own page.

Begin writing here…

Table of Contents Comment by Northcentral University: Use the Table of Contents feature in Word. For additional information on creating a table of contents, click here. For information on updating the table of contents, click here, and for video resources from the Academic Success Center on formatting the table of contents, click here. Do not manually add headings into the Table of Contents. The headings in the table of contents are populated from the Styles gallery using the APA Level 1 and Heading 2 styles. Only include APA heading levels 1 and 2 in the table of contents. Use the Heading 2 style from the Styles gallery to add level two headings in the document. Update the table of contents to reflect any new level 2 headings added to document. Comment by Northcentral University: For Academic Success Center resources on formatting the table of contents, click here. For assistance, use the videos in the Tables and Headers tab and handouts in the Format tab. Comment by Northcentral University: Ensure the headings in the table of contents match those in the document. Please note the place holders are included in this table of contents: “XXX” under Chapter 2 must be replaced with the themes generated from the integrative critical review of the literature. If your study is qualitative, “Operational Definitions of Variables” under Chapter 3 must be deleted. “XXX” under Chapter 4 must be replaced with “Trustworthiness” for a qualitative study, “Validity and Reliability” for a quantitative study, and “Trustworthiness/Validity and Reliability” for a mixed methods study. The number of research questions listed under Chapter 4 must align with the number of research questions in your study. Under Appendices, each “XXX” must be replaced with the titles of the appendix.

Chapter 1: Introduction 1

Statement of the Problem 2

Purpose of the Study 2

Introduction to Theoretical or Conceptual Framework 3

Introduction to Research Methodology and Design 4

Research Questions 4

Hypotheses 4

Significance of the Study 5

Definitions of Key Terms 6

Summary 6

Chapter 2: Literature Review 7

Theoretical or Conceptual Framework 7

Subtopic 8

Summary 8

Chapter 3: Research Method 10

Research Methodology and Design 10

Population and Sample 10

Materials or Instrumentation 11

Operational Definitions of Variables 12

Study Procedures 13

Data Analysis 13

Assumptions 14

Limitations 14

Delimitations 14

Ethical Assurances 15

Summary 15

Chapter 4: Findings 16

XXX of the Data 16

Results 17

Evaluation of the Findings 18

Summary 18

Chapter 5: Implications, Recommendations, and Conclusions 19

Implications 19

Recommendations for Practice 20

Recommendations for Future Research 20

Conclusions 20

References 22

Appendix A XXX 23

Appendix B XXX 24

List of Tables Comment by Northcentral University: The words List of Tables should be centered, bolded, and begin on its own page Use the Table of Figures feature in Word and select “Table” as the caption label. For additional information and guidance, click here. Tip: For formatting the caption for tables, table headings should be double spaced and placed above the table. The word “Table” and the number should be bolded. The table title is in title case and italics. Comment by Northcentral University: Click here to review a video from the Academic Success Center on creating the List of Tables.

Begin list of tables here… Content will be provided once study has started.

List of Figures Comment by Northcentral University: The words List of Figures should be centered, bolded, and begin on its own page Use the Table of Figures feature in Word and select “Figure” as the caption label. For additional information and guidance, click here. Tip: For formatting the caption for figures, figure headings should be double spaced and placed above the figure. The word “Figure” and the number should be bolded. The figure title is in title case and italics. Comment by Northcentral University: Click here to review a video on creating the List of Figures.

Begin list of figures here…Content will be provided once study has started.

1

iv

Chapter 1: Introduction Comment by Garrett Smiley: Requirements have been met. Delete the text highlighted in yellow, as it is either incorrect or unnecessary for this section. Rewrite this entire section as a lead up or a ramp up to the problem statement; it should serve as both an introduction to the problem space with background on what the academic body of knowledge has to say about the current state of the problem space. All claims must have a citation from a current, peer reviewed journal article (this is true for any claim made in the paper). Currently, you have far too many citations that do not meet this threshold. Adjust. Checklist: ☐ Begin with an overview of the general topic to establish the context of the study and orient the reader to the field. Do not overstate the topic as you will address the topic more fully in Chapter 2. ☐ Describe the larger context in which the problem exists. ☐ Present an overview of why this research topic is relevant and warranted. ☐ Briefly explain what research has been done on the topic and why the topic is important practically and empirically (applied and PhD) as well as theoretically (PhD). ☐ Clearly lead the reader to the problem statement to follow. The reader should not be surprised by the problem described later in the document. ☐ Do not explicitly state the study problem, purpose, or methodology, as they are discussed in subsequent sections. ☐ Devote approximately 2 to 4 pages to this section. ☐ Write in the future tense when referencing the proposed study in the dissertation proposal. Write in the past tense when referencing the completed study in the dissertation manuscript. ☐ There are no personal opinions in the dissertation. All work must come from cited sources.

Small businesses, mostly comprised of up to 19 employees, are becoming the primary targets of the cyber-criminals as these enterprises struggle in establishing salient security measures deployed by the larger organizations (Tam et al., 2021). Iovan and Iovan (2016) account that more businesses have become victims of cyber-attacks, with 91% of these organizations having experienced these attacks at least once over the past year and 9% of these victims being pre-defined targets. Technological advancement and digitization of major organizational processes, alongside the widespread utilization of the digital tools into main activities, have developed a perfect condition for the development and execution of malware to corrupt organizational data (Iovan & Iovan, 2016).

Studies reveal an increasing innovation or automation of the small businesses as the key hindrance to its success, making them vulnerable to cyber-attacks (Taneja et al., 2016). Furthermore, technological advancement and commitment to vast innovation are risk factors for small businesses as criminals have virtual access to businesses' networks, and hackers have become more skilled in accessing protected data or files, posing salient cyber security threats (Iovan & Iovan, 2016). Udofot and Topchyan (2020) confirm that small businesses remain vulnerable to cyber-attacks due to their limited power to address the sophisticated models adopted by the hackers, making it difficult for their strategies to outsmart the attackers. Furthermore, the reports add that small business are attractive targets to ransomware, as they possess the vast information the criminals want to exploit (Udofot & Topchyan, 2020). They typically lack a robust security infrastructure compared to the larger enterprises (Udofot & Topchyan, 2020). Thus, cyber-attacks remain critical threats and primary concerns for small-sized enterprises, contributed by the inability of their security infrastructure to address external attacks (Udofot & Topchyan, 2020). The numerous threats remain a challenge to small businesses, including malware, viruses, ransomware, and phishing (Iovan & Iovan, 2016).

Iovan and Iovan (2016) confirm that due to the vulnerability of small businesses to cyber-attacks such as ransomware, there is a need for proper planning and assessment of the business environment to identify the business' vulnerability and create a framework to resolve the challenge and protect the organization's assets. Pandey et al. (2020) confirm that small businesses and personal systems are mainly vulnerable to ransomware attacks, primarily by the business being held, hostage. Furthermore, studies show that small business owners have the basic or fundamental instruments for technological risk management but lack the essential procedures, training, and policies to protect their information resources (Berry & Berry, 2018). Berry and Berry (2018) also note that small businesses have limited knowledge of incorporating solid passwords to safeguard their information assets. Mansfield-Devine (2016) acknowledges that a critical challenge with the ransomware attacks in small businesses comes and goes unnoticed. It encrypts networks to decrypt the victims until the ransom is paid (Mansfield-Devine, 2016).

Studies confirm that ransomware is a prevalent challenge facing businesses in the contemporary period considering that small-sized enterprises are making little effort to establish robust security infrastructures (Strauss, 2017; Mansfield-Devine, 2016). Furthermore, the lack of a well-established security system is a salient vulnerability steering the hacker's focus to the small businesses (Mansfield-Devine, 2016). Strauss (2016) confirmed that in 2016, five sheriff and police departments were victims of ransomware attacks in Maine, forcing the departments to pay the ransom for they did not want to risk losing essential data related to law enforcement.

Additionally, Tam et al. (2021) confirm that cyber-attacks are detrimental to the wellness or thriving of small businesses or enterprises, leading to disruption of its operation and losses contributed by the paid ransom. Cheng et al. (2017) confirm that ransomware or malware attacks on small businesses are damaging in terms of loss of sensitive or valuable data, reputational damage, and overall disruption of the organizational operations. Furthermore, cyber-attacks on businesses are linked to the financial losses’ outcomes, as exhibited in the previous attacks, as Anthem insurance lost $100 million in the cost of 2015 attacks (Cheng et al., 2017).

Numerous studies, such as Chen (2016), examine the cyber threats to small businesses in general while accounting for the specifics. Studies such as Chen (2016) and Raghavan et al. (2017), among other numerous studies, explore the widespread cyber threats to small businesses and the factors that increase their vulnerability. In addition, numerous studies such as Van and Code (2018) have investigated the impacts of cyber-attacks such as ransomware on small businesses, having shown detrimental effects. Further, extensive studies provide broad background information on the factors increasing the vulnerability of small businesses to cyber-attacks.

Additionally, other studies examine the strategies for resolving the cyber-attack challenges in small businesses. For example, studies such as Patterson (2017) point out policy decisions as critical approaches to addressing the vulnerability of small businesses to cyber-attacks. These studies are practically and empirically essential for small businesses to develop vast policies on curbing cybercrimes while considering their exposure or factors making them targeted by the hackers. Furthermore, these studies contribute to the knowledge expansion on small businesses' vulnerability while providing consistent evidence applicable in further research.

Statement of the Problem Comment by Garrett Smiley: Requirements have been met. Add citations to the claims without citations (highlighted in yellow). Delete the text highlighted in yellow, as the text is either incorrect or unnecessary. Adopt all adjustments (highlighted in green). Add a statement that identifies what is unknown about this problem that should be known. Add a statement about the potential negative consequences if the proposed study is not performed by the researcher. Checklist: ☐ Begin with “The problem to be addressed in this study is…” This statement should logically flow from the introduction and clearly identify the problem to be addressed by the study (current citations needed). ☐ Succinctly discuss the problem and provide evidence of its existence. ☐ Identify who is impacted by the problem (e.g., individuals, organizations, industries, or society), what is not known that should be known about it, and what the potential negative consequences could be if the problem is not addressed in this study. ☐ Ensure the concepts presented are exactly the same as those mentioned in the Purpose Statement section. ☐ Do not exceed 250-300 words.

Ransomware has continued to be a challenge to small businesses since its discovery two decades ago (Dhinnesh, 2020). Small businesses continue to be regularly attacked using ransomware (Poudyal & Dasgupta, 2021). Ransomware attacks on small businesses or enterprises stand out as critical challenges facing organizations costing them time, resources, and reputation (Knutson, 2021). Approximately two-thirds of the cyber-attacks, in the form of ransomware, target small businesses, targeting critical information such as customer records, information of the vendors, list of the customers, security details such as passwords, among others that the organization uses (Van & Code, 2018). Sufficient evidence justifies the vast challenges of small businesses from ransomware attacks (Van & Code, 2018). Legislative assessments exploring ransomware attacks confirm that small businesses constitute more than half of the victims of ransomware attacks, as most operate on a narrow margin and often have no crucial resources for cyber security (Knutson, 2021).

Kaseya's CEO confirms that between 800 and 1500 businesses across the world have at one point experienced and been affected by ransomware attacks (Satter, 2021). Therefore, the business and consumer societies are the most affected by these ransomware attacks due to data loss and disruption of operations. Small businesses are in a state of limbo as ransomware attacks continue becoming rampant in the society of digitization (Lovan & Lovan, 2016). However, these businesses do not understand that they can leverage their limited power in terms of resources to build a secure infrastructure that is unbreakable or less vulnerable to malicious attacks (Berry & Berry, 2018). As a result, these small enterprises should be aware of the strategies to enhance their safety and manage their risk to external attacks. Therefore, failure to conduct this research will leave the small businesses unenlightened about their vulnerabilities, translating to domestic and global economic disruption. Furthermore, failing to conduct this research will lead to the researcher’s loss for not acquiring new knowledge on helpful mechanisms for leveraging limited resources to develop a safe or secure infrastructure for the small enterprises.

Purpose of the Study Comment by Garrett Smiley: Requirements have been met. Adopt all adjustments (highlighted in green). Include a step-by-step overview of how the study will be conducted. Identify the population. Identify the minimum sample size and justify it using proper citations. Delete the text highlighted in yellow, as the text is either incorrect or unnecessary. Identify how the researcher will have access to data (e.g., paid services through SurveyMonkey, Qualtrics). Either add citations to the claims without citations (highlighted in yellow) or remove them. Checklist: ☒ Begin with a succinct purpose statement that identifies the study method, design, and overarching goal. The recommended language to use is: “The purpose of this [identify research methodology] [identify research design] study is to [identify the goal of the dissertation that directly reflects and encompasses the research questions to follow].” ☐ Indicate how the study is a logical, explicit research response to the stated problem and the research questions to follow. ☐ Continue with a brief but clear step-by-step overview of how the study will be (proposal) or was (manuscript) conducted. ☐ Identify the variables/constructs, materials/instrumentation, and analysis. ☐ For the proposal (DP) identify the target population and sample size needed. For the manuscript (DM), edit and list sample size obtained. ☐ Identify the site(s) where the research will be (proposal) or was (manuscript) conducted using general geographic terms to avoid identifying the specific location. To avoid compromising participants’ confidentiality or anonymity, use pseudonyms. ☐ Do not exceed one paragraph or one page.

The purpose of this qualitative case study is to understand better the impediments to the application of ransomware-specific preventative, detective, and corrective controls by small business owners. The study will incorporate the experiences and perceptions of small business owners and leaders to explore the hindrances to the effective implementation of ransomware controls. The study will be conducted using an open-ended questionnaire directed to small businesses to collect data on their experiences and perceptions about ransomware and what they think are the hindering factors towards controlling these attacks. Therefore, the target population for this case study research is small businesses or enterprises with a target sample size of 30 small businesses. Qualitative research often entails using a small sample size to gain in-depth insight into experience and perceptions (Sim et al., 2018). Furthermore, Sim et al. (2018) confirm an ideal qualitative research sample size ranges between four and 30 for the single case study. Generally, data will be collected from the small businesses' premises, from which their confidentiality will be affected using pseudonyms. The researcher will have access to data using paid services through SurveyMonkey as needed for the study.

Introduction to Theoretical or Conceptual Framework Comment by Garrett Smiley: Requirements have been met. Checklist: ☐ Identify the guiding framework. Present the key concepts, briefly explain how they are related, and present the propositions relevant to this study. ☐ Explain how the framework guided the research decisions, including the development of the problem statement, purpose statement, and research questions. ☐ If more than one framework is guiding the study, integrate them, rather than describing them independently. Do not select a separate framework for each variable/construct under examination. ☐ Do not exceed two pages. A more thorough discussion of the theoretical/conceptual framework will be included in Chapter 2.

The theoretical framework used to explain this study is the routine activity theory introduced by Cohen and Felson in 1979 (Holt et al., 2020). This framework is most appropriate in the given study because it shows how having adequate protection of systems against ransomware can prevent infections. Furthermore, this is a criminology theory based on examining the victimization and offenses of cybercrime (de Melo et al., 2018). Thus, it will help understand the application of ransomware and the development of controls, including preventive, corrective, and detective controls.

Introduction to Research Methodology and Design Comment by Garrett Smiley: Requirements have been met. Delete the text highlighted in yellow, as it is either incorrect or unnecessary for this section. Rewrite this entire section to justify the selection of the research methodology (i.e., qualitative) and research design (i.e., case study). Define and justify these selections using proper citations. Checklist: ☐ Provide a brief discussion of the methodology and design to include a description of the data collection procedure and analysis. Do not include specific details regarding why the methodology and design were selected over others. More detailed information will be included in Chapter 3. ☐ Cite the seminal works related to the selected methodology and design. ☐ Indicate why the selected research methodology and design are the best choices for the study by explaining how they align with the problem and purpose statements as well as the research questions. Do not simply list and describe various research methodologies and designs. ☐ Devote approximately one to two pages to this section.

The selection for this study entails the qualitative as the research methodology and case study as the research design. Studies confirm that qualitative research methodology entails collecting, analyzing, and deducing meaning from non-numerical data (Flick, 2018). Flick (2018) proves that the primary focus of qualitative research is to obtain the individual subjective perceptions and give meaning to their experiences. Hennink et al. (2020) note that qualitative research methodology is crucial for obtaining a quality, in-depth insights into the problem. Therefore, qualitative research methodology is selected for this study due to its ability to obtain insights and information regarding the experiences of people and organizations with a study's problem or phenomenon.

Hennink et al. (2020) note that qualitative research methodology is essential to comprehend or understand diverse people's world experiences and operations. The qualitative method will be selected for this study due to its primary intention to obtain sufficient data on the experiences of small businesses with ransomware. Therefore, the methodology represents a perfect choice to draw insights and interpret perceptions towards the ransomware challenges and the factors impeding effective control of the business challenge. Furthermore, flick (2018) confirms that a qualitative study is flexible and naturalist, meaning it accounts for the changes and incorporates new ideas within real-world contexts. Furthermore, the qualitative method is crucial for this research to obtain meaningful insights by accounting for people or businesses' experiences and perceptions of ransomware challenges. Finally, flick (2018) and Hennink et al. (2020) confirm that the open nature of qualitative research makes it crucial to uncover new problems that could not have been thought of before.

Concerning the selection of a case study as the design for this study entails an in-depth investigation of a single group, particularly the small businesses. Hennink et al. (2020) ascertain that the case study design is crucial to obtain information related to the individual group's previous experience or as the event currently occurs in the course of their life. Studies confirm that a qualitative case study is crucial in exploring an event or phenomenon within a specific context using diverse data sources to discover the multiple facets of the studied concept or phenomena (Rashid et al., 2019). Therefore, this research focuses on the small businesses as the target and specific context for exploring the multiple facets of ransomware by examining the business representatives' perceptions and experiences with the cyber threat to obtain in-depth insights. Case study design accounts for the phenomenon or challenge within the real-life context to consider the features of the problem through the subjective experiences or feelings towards the ransomware attacks. It is crucial to obtain the inadequacies of the systems of small businesses to control or prevent ransomware attacks.

Research Questions Comment by Garrett Smiley: Requirements have been met. Adopt all adjustments (highlighted in green). Checklist: ☐ Present research questions directly answerable, specific, and testable within the given timeframe and location identified in the problem and purpose statements. ☐ Include the exact same variables/constructs, participants, and location mentioned in the problem and purpose statements. No new variables/constructs should be introduced.

RQ1

What are the impediments for the application of ransomware-specific preventative controls by small business owners?

RQ2

What are the impediments for the application of ransomware-specific detective controls by small business owners?

RQ3

What are the impediments for the application of ransomware-specific corrective controls by small business owners?

Significance of the Study Comment by Garrett Smiley: Requirements have been met. Provide citations for all of the claims in this section. Checklist: ☐ Describe why the study is important and how it can contribute to the field of study. ☐ For applied studies, explain how the results might both be significant to leaders and practitioners in the field and contribute to the literature. For PhD studies, explain how the results advance the guiding framework and contribute to the literature. ☐ Describe the benefits of addressing the study problem, achieving the study purpose, and answering the research questions. Whereas the problem statement should articulate the negative consequences of not conducting the study, this section should highlight the positive consequences of completing the study. ☐ Do not exceed one page.

The significance of this study states that it can contribute a lot towards helping small business owners to become more informed regarding the implications of controls relating to cyber security so that they can improve business operations. This research stands out as a novel in nature of purpose, exploring a critically new gap. It is crucial to the field of the study to account for the system inadequacies in small businesses to prevent and control the infectivity of ransomware attacks. Knutson (2021) ascertains that small businesses are overwhelmed by ransomware attacks as they have limited resources to implement preventive strategies. Furthermore, small business owners are often unaware of the magnitude of ransomware threats (Malecki, 2019). The usefulness of this study's result is embedded in the aspect that some business owners can learn through experience how to strengthen and mitigate their cyber security while reducing the negative consequences of ransomware attacks. Most of the time, small business owners provide information to promote stability and safety while being in their locus of control and managing all cost-effectively (Tuttle, 2020). There is a more sophisticated type of information system being used in large businesses compared to small companies, which can help improve the strategies of small companies and adjust them according to the target company. This means that it is necessary to understand complex information systems and also improve subcomponents for better implementation.

This study's findings will highly contribute to the advancement of the guiding framework and literature expansion by addressing the gap in the previous studies that disregards the inadequacies of the small businesses' systems to counter, prevent or mitigate the impacts of ransomware. Most studies, such as Knutson (2021), Tuttle (2020), and Malecki (2019), among other studies, explore the effects of ransomware attacks and prevention mechanisms for small businesses. Therefore, this study extends this exploration to examine the cause of the persistent nature of cyber-attacks on small businesses to understand what is not being done right. Thus, considering this research provides an opportunity to build a resilient small business sector, identify the system flaws, and correct them appropriately.

Definitions of Key Terms Comment by Garrett Smiley: Requirements have been met. Alphabetize the terms. Replace “Term X” with the actual term. Separate the final term into two terms. Checklist: ☐ Alphabetize and bold terms directly related to the dissertation topic and not commonly used or understood. ☐ Paraphrase the definitions of the terms using complete sentences and provide a citation for each one. ☐ Do not define theories, conceptual frameworks, statistical analyses, methodological terms, or the variables/constructs under examination.

Corrective Controls

Corrective controls are deployed to restore systems to a normal state and minimize the effect after an unwanted or unauthorized activity has occurred (Williams et al., 2020).

Detective Controls

Detective controls are the controls that are used for detecting ransomware any kind of online virus that can be harmful to the information system (Williams et al., 2020).

Guardianship

Guardianship is the concept of protection in which the elements of surveillance are used to prevent crime (Young & Yung, 2017).

Preventive Controls

Preventive and corrective controls help develop preventive strategies and have a proper corrective system to overcome the issue in case of any cyber-attack (Williams et al., 2020).

Ransomware

Ransomware is an online virus used to get money from victims (Young & Yung, 2017).

Summary Comment by Garrett Smiley: Requirements have been met. Adopt all adjustments (highlighted in green). Checklist: ☐ Briefly restate the key points discussed in the chapter. Review the headings and/or table of contents to ensure all key points are covered.

The problem addressed in this study is ransomware has been continuing to wreak havoc since its' discovery over twenty years ago (Dhinnesh, 2020). Small businesses continue to be regularly attacked through ransomware (Poudyal & Dasgupta, 2021). The purpose of this qualitative case study is to better understand the impediments to the application of ransomware-specific preventative, detective, and corrective controls by small business owners. The theoretical framework used in this study is the routine activity theory introduced by Cohen and Felson in 1979 (Holt et al., 2020). This framework is most appropriate in the given study because it shows how having adequate protection of systems against ransomware can prevent infections. This study is very significant in identifying the usefulness of developing preventive and control strategies against ransomware. Most of the time, small business owners are not informed about the magnitude of ransomware threats. Some business owners can learn through experience how to strengthen and mitigate their cyber security while reducing the negative consequences of ransomware attacks. This study will provide help to small business owners in overcoming these issues and protecting their data.

Chapter 2: Literature Review Comment by Garrett Smiley: Section missing: Introduction Requirements have not been met (see highlighted areas below). Checklist: ☐ Begin with the first sentence of the purpose statement and problem statement that leads to a brief explanation of the organization of the literature review. Do not simply cut and paste the Purpose Statement section from Chapter 1. ☐ Provide an overview of the sub-headings in the literature that will be discussed. ☐ At the end of this section, indicate the databases accessed and the search engines used. Discuss all the search parameters, including the search terms and their combinations (with more detailed search terms located in an appendix, if appropriate), range of years, and types of literature. ☐ Devote approximately 30 to 60 pages to this chapter to include citations to at least 50 relevant sources.

Begin writing here…

Checklist:

☐ Begin with the first sentence of the purpose statement and problem statement that leads to a brief explanation of the organization of the literature review. Do not simply cut and paste the Purpose Statement section from Chapter 1.

☐ Provide an overview of the sub-headings in the literature that will be discussed.

☐ At the end of this section, indicate the databases accessed and the search engines used. Discuss all the search parameters, including the search terms and their combinations (with more detailed search terms located in an appendix, if appropriate), range of years, and types of literature.

☐ Devote approximately 30 to 60 pages to this chapter to include citations to at least 50 relevant sources.

Theoretical or Conceptual Framework Comment by Garrett Smiley: Section missing: Theoretical or Conceptual Framework Requirements have not been met (see highlighted areas below). Checklist: ☐ Describe the guiding theoretical/conceptual framework of the study, including the definitions of all the concepts, an explanation of the relationships among the concepts, and a presentation of all the assumptions and propositions. ☐ Explain the origin and development of the framework. Demonstrate detailed knowledge of and familiarity with both the historical and the current literature on the framework. ☐ Identify existing research studies that used this framework in a similar way. Mention alternative frameworks, with a justification of why the selected framework was chosen. ☐ Describe how and why the selected framework relates to the present study and how it guided the development of the problem statement, purpose statement, and research questions.

Begin writing here…

Checklist:

☐ Describe the guiding theoretical/conceptual framework of the study, including the definitions of all the concepts, an explanation of the relationships among the concepts, and a presentation of all the assumptions and propositions.

☐ Explain the origin and development of the framework. Demonstrate detailed knowledge of and familiarity with both the historical and the current literature on the framework.

☐ Identify existing research studies that used this framework in a similar way. Mention alternative frameworks, with a justification of why the selected framework was chosen.

☐ Describe how and why the selected framework relates to the present study and how it guided the development of the problem statement, purpose statement, and research questions.

Subtopic Comment by Garrett Smiley: Section missing: Subtopic Requirements have not been met (see highlighted areas below). Checklist: ☐ Critically analyze (i.e., note the strengths and weaknesses) and synthesize (i.e., integrate) the existing research. Rather than reporting on each study independently, describe everything known on the topic by reviewing the entire body of work. ☐ Present a balanced integrative critical review of the literature, ensuring all points of view are included. Cover all the important issues with a discussion of areas of convergence (i.e., agreement) and divergence (i.e., disagreement). Provide potential explanations for areas of divergence. ☐ Address issues of authority, audience, and/or bias/point of view in the sources used.

Begin writing here…

Level 3 Heading

Text...

Level 4 Heading. Text...

Checklist:

☐ Critically analyze (i.e., note the strengths and weaknesses) and synthesize (i.e., integrate) the existing research. Rather than reporting on each study independently, describe everything known on the topic by reviewing the entire body of work.

☐ Present a balanced integrative critical review of the literature, ensuring all points of view are included. Cover all the important issues with a discussion of areas of convergence (i.e., agreement) and divergence (i.e., disagreement). Provide potential explanations for areas of divergence.

☐ Address issues of authority, audience, and bias/point of view in the sources used.

Table 1. Summary of Selected X Studies

Study

Methodology

Sample

Instruments/Constructs

Main findings or contribution

Insert Citation here

Insert Methodology Here

Insert Sample Here

Insert Instruments/Constructs Here

Insert Summary Here.

Insert Citation here

Insert Methodology Here

Insert Sample Here

Insert Instruments/Constructs Here

Insert Summary Here.

Summary Comment by Garrett Smiley: Section missing: Summary Requirements have not been met (see highlighted areas below). Checklist: ☐ Briefly restate the key points discussed in the chapter. Review the headings and/or table of contents to ensure all key points are covered. ☐ Highlight areas of convergence and divergence as well as gaps in the literature that support the need for the study. This discussion should logically lead to Chapter 3, where the research methodology and design will be discussed.

Begin writing here…

Checklist:

☐ Briefly restate the key points discussed in the chapter. Review the headings and/or table of contents to ensure all key points are covered.

☐ Highlight areas of convergence and divergence as well as gaps in the literature that support the need for the study. This discussion should logically lead to Chapter 3, where the research methodology and design will be discussed.

Chapter 3: Research Method Comment by Garrett Smiley: Requirements have been met. Checklist: ☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim. ☐ Provide a brief overview of the contents of this chapter, including a statement that identifies the research methodology and design.

Introduction

Exploration of this research requires a salient approach for collecting in-depth insights from a small sample size. It is the third section of this research paper, targeting to incorporating methods for data collection, essential for attaining quality and reliable study. It is necessary to acknowledge the problems encompassing small businesses or enterprises related to their increased vulnerabilities to ransomware attacks, considering that they have remained the primary targets of the malicious hackers. Nevertheless, this research will collect data to aid small businesses in identifying impediments to preventative, detective, and corrective controls to close the systemic loopholes and enhance the system's safety. This study will adopt a qualitative research method and specifically a case study design, targeting the small businesses as the central focus of the research. Furthermore, the chapter of this study will include components related to the population, sample, instruments, procedures of the study, data analysis, assumptions, limitations, delimitations, ethical concerns, and the summary.

Research Methodology and Design Comment by Garrett Smiley: Requirements have been met. Checklist: ☐ Describe the research methodology and design. Elaborate upon their appropriateness in relation to the study problem, purpose, and research questions. ☐ Identify alternative methodologies and designs and indicate why they were determined to be less appropriate than the ones selected. Do not simply list and describe research methodologies and designs in general.

This study adopts a qualitative research methodology and case study as the research design, preferable to address the current situation of ransomware vulnerability in small enterprises. Studies confirm that qualitative research methodology is applicable when the study focuses on answering questions on experiences, opinions, and perceptions, often from the participants' standpoint (Aspers & Corte, 2019). Similarly, this research focuses on the experiences of the small business enterprises with ransomware attacks, making a qualitative methodology the most preferable. Besides, this research aims to obtain in-depth insights to answer the research questions satisfactorily, making a qualitative approach preferable to provide details. It is crucial to note that the study problem, purpose, and research questions integrate a more subjective experience with ransomware, confirming the need for a qualitative approach to generate understanding through detailed descriptions.

Additionally, studies ascertain that a case study design in qualitative research helps explore a phenomenon within a specific context from various lenses (Rashid et al., 2019). Therefore, a case study design is preferable in this research. The research's purpose, questions, and problem point out the prevalence of the phenomenon (ransomware) in small business enterprises more than in any other place. Therefore, a case study design is an approach to contextualize the phenomenon within the spheres of small businesses.

A quantitative research methodology would make a salient alternative for the qualitative research, but it was declared ineffective since it does not incorporate an interpretation of the participants' experiences. Apuke (2017) confirms that quantitative research contains quantifiable variables to derive numerical data. As a result, since this research focuses on experiences and individual opinions, the variables are unmeasurable, making this quantitative methodology less appropriate. A correlational design would be less suitable for this research considering that there are no variables to connect or explore their relationships. Apuke (2017) ascertains that survey research design is inflexible, making it less preferable for this research, considering that this study requires incorporating changes in the research as they arise to obtain information in detail.

Population and Sample Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). Reword your recruitment approach to perfectly align with what was stated in chapter one in the purpose of the study section. Checklist: ☐ Describe the population, including the estimated size and relevant characteristics. ☐ Explain why the population is appropriate, given the study problem, purpose, and research questions. ☐ Describe the sample that will be (proposal) or was (manuscript) obtained. ☐ Explain why the sample is appropriate, given the study problem, purpose, and research questions. ☐ Explain the type of sampling used and why it is appropriate for the dissertation proposal methodology and design. For qualitative studies, evidence must be presented that saturation will be (proposal) or was (manuscript) reached. ☐ Describe how the participants will be (proposal) or were (manuscript) recruited (e.g., email lists from professional organizations, flyers) and/or the data will be (proposal) or were (manuscript) obtained (e.g., archived data, public records) with sufficient detail so the study could be replicated.

The target population for this study is the small businesses or enterprises, considering that they are the most vulnerable to the problem addressed in this research, ransomware attacks on businesses. This research seeks to conclude a population of over 31.7 million small enterprises in the United States. The significant characteristics of the population include businesses not having more than 19 employees and with low annual returns. This population is appropriate considering that the problem explored, ransomware in business, is predominant in a small business environment, making them a vulnerable victim to the problem. As a result, this population provides a salient platform for exploring the ransomware challenge from system inadequacies to address the research questions.

The sample of 30 small businesses that have experienced a cyber-attack for the last four years will be obtained from the large population identified above. This sample is appropriate for the study to provide insights from experience and authentic encounters with the explored problem. A purposive sampling technique is preferred for this study to identify and select information-rich cases related to ransomware attacks on small businesses. Vehovar et al. (2016) confirm that purposive sampling, also referred to as judgmental sampling, entails incorporating the researcher's arbitrary ideas seeking a representative sample. Therefore, purposive sampling is appropriate for this research to obtain representative data by relying on personal knowledge of the small businesses that have had cyber-attacks recently. The data saturation will be attained by stretching the diversity of the data and analyzing the responses. When the same comments are repeated more than ten times, saturation will be reached, and data collection can be stopped. Information is analyzed with the collected information. The recruitment of the participants will be conducted by sending requests to the small businesses from which a selection of 30 enterprises will be executed based on the personal judgment of the researcher. From the selected enterprises, the data will be obtained from primary research entailing an examination of the sample population to establish their experiences with the system's inadequacies. Comment by Garrett Smiley [2]: Reword your recruitment approach to perfectly align with what was stated in chapter one in the purpose of the study section.

Materials or Instrumentation Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). Create open-ended survey questions that align to your research questions and place them in an appendix for my review. Checklist: ☐ Describe the instruments (e.g., tests, questionnaires, observation protocols) that will be (proposal) or were (manuscript) used, including information on their origin and evidence of their reliability and validity. OR as applicable, describe the materials to be used (e.g., lesson plans for interventions, webinars, or archived data, etc.). ☐ Describe in detail any field testing or pilot testing of instruments to include their results and any subsequent modifications. ☐ If instruments or materials are used that were developed by another researcher, include evidence in the appendix that permission was granted to use the instrument(s) and/or material(s) and refer to that fact and the appendix in this section.

Open-ended questionnaires will be used to obtain data on experiences with ransomware attacks and impediments to effective prevention, detection, and correction. Allen (2017) confirms that open-ended questionnaires allow for a comprehensive and holistic approach for the researchers to permit respondents to provide opinions. It allows for diverse data by permitting extra details to qualify and clarify responses to build on accurate and actionable insights for the researcher. Admission of the interpreter's perceptual presuppositions constitutes a salient option with the open-ended questionnaire to enhance validity. Additionally, an online pilot testing will be conducted for this research to pre-test the components of the questionnaire to establish the feasibility of the study process.

Study Procedures Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). Reword your study procedure to perfectly align with what was stated in chapter one in the purpose of the study section. You can expand upon that discussion in a step-by-step manner but not deviate from it. Checklist: ☐ Describe the exact steps that will be (proposal) or were (manuscript) followed to collect the data, addressing what data as well as how, when, from where, and from whom those data will be (proposal) or were (manuscript) collected in enough detail the study can be replicated.

The open-ended questionnaires will be submitted via email to the selected sample at the primary point of data collection. The feedback will be expected after 14 days of completing the survey. The topmost leaders of the selected enterprises will be responsible for the responses, although it is up to them they can consider delegating this function. Some of the critical data collected include the most recent hack or cyber-attack related to ransomware on the business and the losses incurred. Other data collected include the measures the business is adapting to inhibit future attacks, alongside information on the impediments of applying ransomware-specific preventative, detective, and corrective controls.

Data Analysis Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). Explain how triangulation will be addressed. Checklist: ☐ Describe the strategies that will be (proposal) or were (manuscript) used to code and/or analyze the data, and any software that will be (proposal) or was (manuscript) used. ☐ Ensure the data that will be (proposal) or were (manuscript) analyzed can be used to answer the research questions and/or test the hypotheses with the ultimate goal of addressing the identified problem. ☐ Use proper terminology in association with each design/analysis (e.g., independent variable and dependent variable for an experimental design, predictor and criterion variables for regression). ☐ For qualitative studies, describe how the data will be (proposal) or were (manuscript) processed and analyzed, including any triangulation efforts. Explain the role of the researcher.

This research will adopt a narrative analysis to analyze data collected by translating the survey responses to abstract findings by establishing core points or sub-topics of the narrative based on the participant's experiences. Data will be processed in terms of narrative blocks from which the research will build subtopics based on experiences with ransomware for every organization. The narrative analysis adopted for this research entails collecting data, writing the findings, reviewing and analyzing them based on the research questions. Besides, this research will also incorporate information from secondary sources to enhance a comprehensive understanding of the explored phenomena by testing validity through the convergence of the findings from diverse sources. The research will be responsible for accessing thoughts and perceptions of the study participants' feelings. Furthermore, the research is obliged to ensure the confidentiality and safety of the participants and their data.

Assumptions Comment by Garrett Smiley: Requirements have been met (but see highlighted areas below). Put this section in a paragraph format with complete statements. Checklist: ☐ Discuss the assumptions along with the corresponding rationale underlying them.

1. The participants provide honest responses – this research entails collecting internal business operations, raising issues of safety and confidentiality of the data. As a result, this assumption incorporates the assertion that respondents do not lie.

2. Previous ransomware attacks resulted in losses – this study examines the systemic inadequacies, making this assumption necessary to select only small businesses that did not overcome the attack.

Limitations Comment by Garrett Smiley: Requirements have been met (but see highlighted areas below). Put this section in a paragraph format with complete statements. Checklist: ☐ Describe the study limitations. ☐ Discuss the measures taken to mitigate these limitations.

1. Time constraints due to the detailed responses from the open-ended questionnaires. Measures to mitigate this limitation entail effective planning to assign adequate time to collect and analyze the data.

2. The sample size will be small, limiting the generalizability of the research. As a result, triangulation, which entails data collection using more than one approach, that is, literature review to ensure convergence of evidence, is preferred in this study.

Delimitations Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). Put this section in a paragraph format with complete statements. Rephrase the first delimitation to state the sampling method chosen. Tie each delimitation back to the literature using proper citations. Checklist: ☐ Describe the study delimitations along with the corresponding rationale underlying them. An example of delimitations are the conditions and parameters set intentionally by the researcher or by selection of the population and sample. ☐ Explain how these research decisions relate to the existing literature and theoretical/conceptual framework, problem statement, purpose statement, and research questions.

1. I did not choose probabilistic sampling for this research to obtain in-depth insights and details of the experiences from the representative sample. This decision relates to the purpose statement on the need to incorporate individuals' subjective thoughts in problem-solving.

2. Larger businesses are excluded from this research since they have the capacity and resources to mitigate these challenges, hindering an evaluation of the roles of systemic incapability. This decision relates to the existing literature confirming that larger enterprises prevent these challenges before they happen, motivating a shift to small businesses.

Ethical Assurances Comment by Garrett Smiley: Requirements have not been met (see highlighted areas below). State that the risk to participants will be minimal. Explain how researcher bias will be addressed. Checklist: ☐ Confirm in a statement the study will (proposal) or did (manuscript) receive approval from Northcentral University’s Institutional Review Board (IRB) prior to data collection. ☐ If the risk to participants is greater than minimal, discuss the relevant ethical issues and how they will be (proposal) or were (manuscript) addressed. ☐ Describe how confidentiality or anonymity will be (proposal) or was (manuscript) achieved. ☐ Identify how the data will be (proposal) or were (manuscript) securely stored in accordance with IRB requirements. ☐ Describe the role of the researcher in the study. Discuss relevant issues, including biases as well as personal and professional experiences with the topic, problem, or context. Present the strategies that will be (proposal) or were (manuscript) used to prevent these biases and experiences from influencing the analysis or findings. ☐ In the dissertation manuscript only, include the IRB approval letter in an appendix.

It is essential to acknowledge that this research will receive approval from the Northcentral University's Institutional Review Board (IRB) before data collection. Besides, this research will incorporate numerous ethical assurances, including informed consent, by presenting an informed consent form to the participating enterprises, highlighting the research's purpose. This research will be guided by voluntary participation, where responses to the survey will be at the enterprise's preferences, choosing to withdraw their participation any time they feel uncomfortable proceeding. All personal identifying information, such as the name of the enterprises, will be de-identified and instead use pseudonyms to promote confidentiality. Completed surveys will be encrypted to ensure safe data and ensure it is not used illegitimately. Problems anticipated include but are not limited to time constraints and subjectivity in sampling. Effective time management, event scheduling, and sending the results' analysis to the participants to confirm accuracy are vital options for overcoming these experiences.

Summary Comment by Garrett Smiley: Requirements have been met. Checklist: ☐ Summarize the key points presented in the chapter. ☐ Logically lead the reader to the next chapter on the findings of the study.

This research method chapter points out essential elements related to the saliency of this study. The study will incorporate a qualitative research methodology and case study design to explore the impediments towards applying ransomware-specific preventative, detective, and corrective controls. A target population of small businesses and a sample of 30 enterprises are selected to provide insights out of the experience and authentic encounters with cyber-attacks. Salient elements discussed include ethical concerns, assumptions, delimitations, and limitations. Open-ended questionnaires will be used for instrumentation, and narrative analysis will be essential for the data analysis. Therefore, this research will explore the research findings related to the presented questions in chapter one in chapter four.

Chapter 4: Findings Comment by Garrett Smiley: Section missing: Introduction Requirements have not been met (see highlighted areas below). Checklist: ☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim and the organization of the chapter. ☐ Organize the entire chapter around the research questions/hypotheses.

Begin writing here…

Checklist:

☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim and the organization of the chapter.

☐ Organize the entire chapter around the research questions/hypotheses.

Trustworthiness/Validity and Reliability of the Data Comment by Garrett Smiley: Section missing: Trustworthiness/Validity and Reliability of the Data Requirements have not been met (see highlighted areas below). Checklist: ☐ For qualitative studies, clearly identify the means by which the trustworthiness of the data was established. Discuss credibility (e.g., triangulation, member checks), transferability (e.g., the extent to which the findings are generalizable to other situations), dependability (e.g., an in-depth description of the methodology and design to allow the study to be repeated), and confirmability (e.g., the steps to ensure the data and findings are not due to participant and/or researcher bias). ☐ For quantitative studies, explain the extent to which the data meet the assumptions of the statistical test and identify any potential factors that might impact the interpretation of the findings. Provide evidence of the psychometric soundness (i.e., adequate validity and reliability) of the instruments from the literature as well as in this study (as appropriate). Do not merely list and describe all the measures of validity and reliability. ☐ Mixed methods studies should include discussions of the trustworthiness of the data as well as validity and reliability.

Begin writing here…

Checklist:

☐ For qualitative studies, clearly identify the means by which the trustworthiness of the data was established. Discuss credibility (e.g., triangulation, member checks), transferability (e.g., the extent to which the findings are generalizable to other situations), dependability (e.g., an in-depth description of the methodology and design to allow the study to be repeated), and confirmability (e.g., the steps to ensure the data and findings are not due to participant and/or researcher bias).

☐ For quantitative studies, explain the extent to which the data meet the assumptions of the statistical test and identify any potential factors that might impact the interpretation of the findings. Provide evidence of the psychometric soundness (i.e., adequate validity and reliability) of the instruments from the literature as well as in this study (as appropriate). Do not merely list and describe all the measures of validity and reliability.

☐ Mixed methods studies should include discussions of the trustworthiness of the data as well as validity and reliability.

Results Comment by Garrett Smiley: Section missing: Results Requirements have not been met (see highlighted areas below). Checklist: ☐ Briefly discuss the overall study. Organize the presentation of the results by the research questions/hypotheses. ☐ Objectively report the results of the analysis without discussion, interpretation, or speculation. ☐ Provide an overview of the demographic information collected. It can be presented in a table. Ensure no potentially identifying information is reported.

Begin writing here…

Checklist:

☐ Briefly discuss the overall study. Organize the presentation of the results by the research questions/hypotheses.

☐ Objectively report the results of the analysis without discussion, interpretation, or speculation.

☐ Provide an overview of the demographic information collected. It can be presented in a table. Ensure no potentially identifying information is reported.

Research Question 1/Hypothesis Comment by Garrett Smiley: Section missing: Research Question 1/Hypothesis Requirements have not been met (see highlighted areas below). Checklist: ☐ Report all the results (without discussion) salient to the research question/hypothesis. Identify common themes or patterns. ☐ Use tables and/or figures to report the results as appropriate. ☐ For quantitative studies, report any additional descriptive information as appropriate. Identify the assumptions of the statistical test and explain how the extent to which the data met these assumptions was tested. Report any violations and describe how they were managed as appropriate. Make decisions based on the results of the statistical analysis. Include relevant test statistics, p values, and effect sizes in accordance with APA requirements. ☐ For qualitative studies, describe the steps taken to analyze the data to explain how the themes and categories were generated. Include thick descriptions of the participants’ experiences. Provide a comprehensive and coherent reconstruction of the information obtained from all the participants. ☐ For mixed methods studies, include all of the above.

Text…

☐ Report all the results (without discussion) salient to the research question/hypothesis. Identify common themes or patterns.

☐Use tables and/or figures to report the results as appropriate.

☐ For quantitative studies, report any additional descriptive information as appropriate. Identify the assumptions of the statistical test and explain how the extent to which the data met these assumptions was tested. Report any violations and describe how they were managed as appropriate. Make decisions based on the results of the statistical analysis. Include relevant test statistics, p values, and effect sizes in accordance with APA requirements.

☐ For qualitative studies, describe the steps taken to analyze the data to explain how the themes and categories were generated. Include thick descriptions of the participants' experiences. Provide a comprehensive and coherent reconstruction of the information obtained from all the participants.

☐ For mixed methods studies, include all of the above.

C:\Users\gsmil\Desktop\ncu-edu-logo.png

Figure 1. Insert Figure Title Here

Evaluation of the Findings Comment by Garrett Smiley: Section missing: Evaluation of the Findings Requirements have not been met (see highlighted areas below). Checklist: ☐ Interpret the results in light of the existing research and theoretical or conceptual framework (as discussed in Chapters 1 and 2). Briefly indicate the extent to which the results were consistent with existing research and theory. ☐ Organize this discussion by research question/hypothesis. ☐ Do not draw conclusions beyond what can be interpreted directly from the results. ☐ Devote approximately one to two pages to this section.

Begin writing here…

Checklist:

☐ Interpret the results in light of the existing research and theoretical or conceptual framework (as discussed in Chapters 1 and 2). Briefly indicate the extent to which the results were consistent with existing research and theory.

☐ Organize this discussion by research question/hypothesis.

☐ Do not draw conclusions beyond what can be interpreted directly from the results.

☐ Devote approximately one to two pages to this section.

Summary Comment by Garrett Smiley: Section missing: Summary Requirements have not been met (see highlighted areas below). Checklist: ☐ Summarize the key points presented in the chapter.

Begin writing here…

Checklist:

☐ Summarize the key points presented in the chapter.

Chapter 5: Implications, Recommendations, and Conclusions Comment by Garrett Smiley: Section missing: Introduction Requirements have not been met (see highlighted areas below). Checklist: ☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim, and a brief review of methodology, design, results, and limitations. ☐ Conclude with a brief overview of the chapter.

Begin writing here…

Checklist:

☐ Begin with an introduction and restatement of the problem and purpose sentences verbatim, and a brief review of methodology, design, results, and limitations.

☐ Conclude with a brief overview of the chapter.

Implications Comment by Garrett Smiley: Section missing: Implications Requirements have not been met (see highlighted areas below). Checklist: ☐ Organize the discussion around each research question and (when appropriate) hypothesis individually. Support all the conclusions with one or more findings from the study. ☐ Discuss any factors that might have influenced the interpretation of the results. ☐ Present the results in the context of the study by describing the extent to which they address the study problem and purpose and contribute to the existing literature and framework described in Chapter 2. ☐ Describe the extent to which the results are consistent with existing research and theory and provide potential explanations for unexpected or divergent results. ☐ Identify the most significant implications and consequences of the dissertation (whether positive and/or negative) to society/desired societal outcomes and distinguish probable from improbable implications.

Begin writing here…

Checklist:

☐ Organize the discussion around each research question and (when appropriate) hypothesis individually. Support all the conclusions with one or more findings from the study.

☐ Discuss any factors that might have influenced the interpretation of the results.

☐ Present the results in the context of the study by describing the extent to which they address the study problem and purpose and contribute to the existing literature and framework described in Chapter 2.

☐ Describe the extent to which the results are consistent with existing research and theory and provide potential explanations for unexpected or divergent results.

☐ Identify the most significant implications and consequences of the dissertation (whether positive and/or negative) to society/desired societal outcomes and distinguish probable from improbable implications.

Research Question 1/Hypothesis

Text…

Recommendations for Practice Comment by Garrett Smiley: Section missing: Recommendations for Practice Requirements have not been met (see highlighted areas below). Checklist: ☐ Discuss recommendations for how the findings of the study can be applied to practice and/or theory. Support all the recommendations with at least one finding from the study and frame them in the literature from Chapter 2. ☐ Do not overstate the applicability of the findings.

Begin writing here…

Checklist:

☐ Discuss recommendations for how the findings of the study can be applied to practice and/or theory. Support all the recommendations with at least one finding from the study and frame them in the literature from Chapter 2.

☐ Do not overstate the applicability of the findings.

Recommendations for Future Research Comment by Garrett Smiley: Section missing: Recommendations for Future Research Requirements have not been met (see highlighted areas below). Checklist: ☐ Based on the framework, findings, and implications, explain what future researchers might do to learn from and build upon this study. Justify these explanations. ☐ Discuss how future researchers can improve upon this study, given its limitations. ☐ Explain what the next logical step is in this line of research.

Begin writing here…

Checklist:

☐ Based on the framework, findings, and implications, explain what future researchers might do to learn from and build upon this study. Justify these explanations.

☐ Discuss how future researchers can improve upon this study, given its limitations.

☐ Explain what the next logical step is in this line of research.

Conclusions Comment by Garrett Smiley: Section missing: Conclusions Requirements have not been met (see highlighted areas below). Checklist: ☐ Provide a strong, concise conclusion to include a summary of the study, the problem addressed, and the importance of the study. ☐ Present the “take-home message” of the entire study. ☐ Emphasize what the results of the study mean with respect to previous research and either theory (PhD studies) or practice (applied studies).

Begin writing here…

Checklist:

☐ Provide a strong, concise conclusion to include a summary of the study, the problem addressed, and the importance of the study.

☐ Present the "take-home message" of the entire study.

☐ Emphasize what the results of the study mean with respect to previous research and either theory (PhD studies) or practice (applied studies).

References Comment by Garrett Smiley: Section missing: References Correct your APA errors here. Here’s some example references that are properly formatted: Ajournalarticle, R. H., Spud, P. T., & Psychologist, R. M. (2016). Title of journal article goes here. Journal of Research in Personality, 22, 236-252. https://doi.org/doi:10.1016/0032-026X.56.6.895* B’Onlinesourcesareconfusing, S. O. (2010). Search for answers at apastyle.org and include issue numbers after volume numbers when there is no DOI. Journal of Articles Without Digital Object Identifiers, 127 (3), 816-826. Cmagazinearticle, B. E. (2009, July). Note the last names on this page: Each source type has to be formatted in a different way. [Special issue]. Prose Magazine, 126 (5), 96-134. Dbookreference, S. M., Orman, T. P., & Carey, R. (1967). Google scholar’s “cite” feature is usually accurate and time-saving. Pearson. O’encyclopedia, S. E. (1993). Words. In The new encyclopedia Britannica (vol. 38, pp. 745-758). Chicago, IL: Penguin. Pchapter, P. R., & Inaneditedvolume, J. C. (2001). Scientific research papers provide evidence of frustration with giant style manuals. In P. Z. Wildlifeconservation, R. Dawkins, & J. H. Dennett (Eds.), Research papers are hard work but boy are they good for you (pp. 123-256). New York, NY: Simon & Schuster. Qosenberg, Morris. (1994, September 11). This is how you cite an online news article that has an author. The Washington Post. http://www.washingtonpost.com/dir/subdir/2014/05/11/a-d9-11e3_story.html Checklist: ☐ Please go through and correct all references; use the easy to understand reference examples that I have provided in my tailored template. The key is to make sure you adhere rigidly to the respective example (with the most common example being that for a journal article). ☐ Create your reference list as you develop each section. As each citation is included in the paper, insert the reference in this section. ☐ For each reference that is listed, there must be at least one corresponding citation within the body of the text and vice versa. ☐ The references should be alphabetized by the last name of the first author. ☐ If using a citation software, ensure all information is included and properly formatted. Although such programs can be helpful, they are not always correct.

Berry, C. T., & Berry, R. L. (2018). An initial assessment of small business risk management approaches for cyber security threats. International Journal of Business Continuity and Risk Management8(1), 1. https://doi.org/10.1504/ijbcrm.2018.10011667

Chen, J. (2016). Cyber security: Bull's-eye on small businesses. Journal of International Business and Law, 16(1), 97-118. https://scholarlycommons.law.hofstra.edu/cgi/viewcontent.cgi?article=1309&context=jibl

Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: Causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery7(5), e1211. https://doi.org/10.1002/widm.1211

de Melo, S. N., Pereira, D. V., Andresen, M. A., & Matias, L. F. (2018). Spatial/temporal variations of crime: A routine activity theory perspective. International journal of offender therapy and comparative criminology, 62(7), 1967-1991.

Dhinnesh, N. (2020). Analysis of ransomware and its prevention. Global Research and Development Journal For Engineering, 5(3), 1-4.

Flick, U. (2018). An introduction to qualitative research. SAGE.

Hennink, M., Hutter, I., & Bailey, A. (2020). Qualitative research methods. SAGE.

Holt, T. J., Leukfeldt, R., & van de Weijer, S. (2020). An examination of motivation and routine activity theory to account for cyberattacks against Dutch web sites. Criminal Justice and Behavior, 47(4), 487-505.

Iovan, S., & Iovan, A. A. (2016). From cyber threats to cyber-crime. Journal of Information Systems & Operations Management, 425. https://www.rebe.rau.ro/RePEc/rau/jisomg/WI16/JISOM-WI16-A15.pdf

Knutson, T. (2021, July 27). Small businesses bearing brunt of ransomware attacks, Senate told. Forbes. https://www.forbes.com/sites/tedknutson/2021/07/27/small-businesses-bearing-brunt-of-ransomware-attacks-senate-told/

Malecki, F. (2019). Best practices for preventing and recovering from a ransomware attack. Computer Fraud & Security, 2019(3), 8-10.

Mansfield-Devine, S. (2016). Ransomware: Taking businesses hostage. Network Security2016(10), 8-17. https://doi.org/10.1016/s1353-4858(16)30096-4

Pandey, A. K., Tripathi, A., Alenezi, M., Agrawal, A., Kumar, R., & Ahmad, R. (2020). A framework for producing effective and efficient secure code through malware analysis. International Journal of Advanced Computer Science and Applications11(2). https://doi.org/10.14569/ijacsa.2020.0110263

Patterson, J. (2017). Cyber-security policy decisions in small businesses (Doctoral dissertation, Walden University). https://scholarworks.waldenu.edu/cgi/viewcontent.cgi?article=5655&context=dissertations

Poudyal, S., & Dasgupta, D. (2021). Analysis of crypto-ransomware using ML-based multi-level profiling. IEEE Access, 9, 122532-122547. Https://doi: 10.1109/ACCESS.2021.3109260.

Raghavan, K., Desai, M. S., & Rajkumar, P. V. (2017). Managing cybersecurity and ecommerce risks in small businesses. Journal of management science and business intelligence2(1), 9-15. http://ibii-us.org/Journals/JMSBI/V2N1/Publish/V2N1_2.pdf

Rashid, Y., Rashid, A., Warraich, M. A., Sabir, S. S., & Waseem, A. (2019). Case study method: A step-by-step guide for business researchers. International Journal of Qualitative Methods18https://doi.org/10.1177/1609406919862424

Satter, R. (2021, July 5). Up to 1,500 businesses affected by ransomware attack, U.S. firm's CEO says. Reuters. https://www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/

Sim, J., Saunders, B., Waterfield, J., & Kingstone, T. (2018). Can sample size in qualitative research be determined a priori? International Journal of Social Research Methodology21(5), 619-634. https://doi.org/10.1080/13645579.2018.1454643

Strauss, S. (2017, February 20). Cyber threat is huge for small businesses. USA TODAY. https://www.usatoday.com/story/money/columnist/strauss/2017/10/20/cyber-threat-huge-small-businesses/782716001/

Tam, T., Rao, A., & Hall, J. (2021). The good, the bad and the missing: A narrative review of cyber-security implications for Australian small businesses. Computers & Security109, 102385. https://doi.org/10.1016/j.cose.2021.102385

Taneja, S., Pryor, M. G., & Hayek, M. (2016). Leaping innovation barriers to small business longevity. Journal of Business Strategy37(3), 44-51. https://doi.org/10.1108/jbs-12-2014-0145

Tuttle, W. J. (2020). Effective Strategies Small Business Leaders Use to Address Ransomware (Doctoral dissertation, Walden University).

Udofot, M., & Topchyan, R. (2020). Factors related to small business cyber-attack protection in the United States. International Journal of Cyber-Security and Digital Forensics9(1), 12-25. https://doi.org/10.17781/p002644

Van, R., & Code, A. L. (2018). Online vulnerabilities facing small businesses today. Governance Directions70(10), 648-651. https://kottgunn.com.au/wp-content/uploads/2018/10/Governance-Directions-November-2018-Online-vulnerabilities-facing-small-business-today.pdf

Williams, C., Donaldson, S., & Siegel, S. (2020). Cyberdefense Concepts. In Building an Effective Security Program (pp. 55-79). De Gruyter.

Young, A., & Yung, M. (2017). Cryptovirology: The birth, neglect, and explosion of ransomware. Communications of the ACM, 60(7), 24-26. Doi:10.1145/3097347

Appendix X: XXX XXX Comment by Garrett Smiley: Section missing: Appendices Requirements have not been met (see highlighted areas below). Checklist: ☐ Remove all boilerplate and make sure that you have appendices for all pertinent areas: IRB approval letter, instruments/surveys, site permission letters, instrument/survey permission letters, etc. ☐ Each appendix that is referenced in the text should appear in this section at the end of the manuscript. Appendices should be listed in the order in which they are referenced in the text. ☐ Remember to include each appendix in your Table of Contents ☐ Be sure to de-identify all materials so that readers cannot identify participants or where the data were specifically collected.

Insert Appendix X content here…