Law Week 3 assignment

Overall Feedback from Research Question Week 1

I have taken a look at your document and added some comments.

Ensure you continue to use the graduate template with each assignment adding to it as you go.  Address my suggestions

Leave my track changes in your subsequent document submissions until the end but let me know you addressed each comment.

I have included some documents to assist.  Look at completed thesis for a good guide on structure

I want to commend you on the relevance of your research question. You've done an excellent job identifying a meaningful gap in the literature—specifically, the lack of attention given to how small and medium-sized enterprises (SMEs) incorporate cybersecurity into their broader risk management strategies. Your ability to connect this gap to real-world consequences, such as the high closure rate of SMEs following cyberattacks, shows strong analytical thinking and a deep understanding of the topic’s urgency.

To help sharpen your research focus, I suggest refining your question slightly to better reflect the integration aspect you’re exploring. Consider the following revision:

"How do small and medium-sized enterprises (SMEs) integrate cybersecurity into their overall risk management strategies, and what impact does this integration have on organizational resilience?"

As you continue your research, I encourage you to explore how sector-specific factors (e.g., regulatory environments in healthcare vs. retail) influence cybersecurity integration. 

Thesis Proposal - Week 3

Instructions

A formal thesis proposal shall be prepared in accordance with the standards of the academic discipline. The formal proposal must provide a clear and lucid description of a question or problem and a proposed method of answering the question or solving the problem. Capstone thesis faculty must approve the proposal before students move on to the next stage of the process. The proposal should explain the question or problem to be investigated and convince the thesis professor that the question or problem merits investigation. It should show that the student has read the relevant and recent literature on the subject and it should contain a list of academically appropriate resources consulted during the preliminary stages of research. In general, the thesis proposal should include background information related to the research topic, purpose of the research, methodology, and analytic procedures to be used. Proposal drafting is considered a learning process and helps students avoid oversights and possible mistakes. For further guidance on what the thesis should contain, see the Security Management Program Exit Overview and the End of Program Assessment Manual).  

SCMT699 Research Proposal - Specific Instructions

For the thesis proposal, include each element in an abbreviated format.  

PLEASE USE THE ATTACHED TEMPLATE TO ENSURE YOUR PROPOSAL CONFORMS TO THE STRUCTURAL REQUIREMENTS. 

MA Theses are expected to contain the following elements:

(adapted from the End of Program Assessment Manual) 

Introduction - Approximately one (1) page in length. Your introduction will provide background and contextual material justifying your topic. Your introduction will also include a statement of the problem followed by a purpose statement. The introduction concludes with one or several specific research questions that sets the general context for the study.  

Literature Review - Approximately two (2) pages in length with at least six (6) peer-reviewed journal articles that address the conceptual elements of the thesis and demonstrate that there is a "research gap." Your review of the literature centers on your specific research question(s). The literature review focuses on discussing how other researchers have addressed the same of similar research questions. It introduces the study and places it in a larger context that includes a discussion of why it is important to study this topic. It provides current state of our accumulated knowledge as it relates to your specific research question. In your literature review you should summarize and synthesize the material. Identify the findings as well as the methodology used to obtain those findings.  

Theoretical Framework - Approximately one (1) page in length which includes a scholarly source that illustrates the framework you may use in your own study. In this section you will identify the gap in the literature and explain how your thesis addresses that gap. You will also present, explain, and justify your preliminary thoughts on a theory or model that you will use in your study. If you are developing a model you should present a preliminary diagram. Finally, you should state a hypothesis that is testable.  

Research Design. Approximately two (2) pages in length. This section represents your preliminary thoughts on how you will answer your research question(s). What design do you intend to use (i.e. case study method, mixed methods approach, interviews, surveys, policy evaluation). What data will you need to collect to answer your question? Where does this data exist? How will you collect it? How will you analyze it? What are the limitations of your method?

Reference List - References should be presented alphabetically in APA format. 

Technical Requirements

· Your paper must be at a minimum of 4-5 pages (the Title and Reference pages do not count towards the minimum limit).

· Scholarly and credible references should be used. A good rule of thumb is at least 2 scholarly sources per page of content.

· Type in Times New Roman, 12 point and double space.

· Students will follow the current APA Style as the sole citation and reference style used in written work submitted as part of coursework. 

· Points will be deducted for the use of Wikipedia or encyclopedic type sources. It is highly advised to utilize books, peer-reviewed journals, articles, archived documents, etc.

· All submissions will be graded using the assignment rubric

2

THE IMPACT OF CYBERSECURITY MEASURES ON ORGANIZATIONAL RISK MANAGEMENT IN SMALL AND MEDIUM-SIZED ENTERPRISES (SMEs)

A Master Thesis

Submitted to the Faculty

of

American Public University

by

Cristian DeWeese

In Partial Fulfillment of the

Requirements for the Degree

of

Master of Arts

December 2025

American Public University

Charles Town, WV

Introduction Comment by Christopher Martinez, PhD: Add this in your next submission the introduction must set context for your research by mentioning what is known about the topic and what needs to be explored further. In the introduction, you can highlight how your research will contribute to the existing knowledge in your field and to overall scientific development. The introduction must also contain a hypothesis that led to the development of the research design. You can come up with this hypothesis by asking yourself questions like: What is the central research problem? What is the topic of study related to that problem? What methods should be used to analyze the research problem? Why is this research important, what is its significance, and how will its outcomes affect the funders and the society on the whole?   

Statement of the Problem Comment by Christopher Martinez, PhD: Problem Statement is very concise 250-300 words. First sentence should be: The problem to be explored is…. Grab the reader   See this link: What is a Problem Statement? With Examples | Author Services Blog (elsevier.com)

Small and medium-sized enterprises (SMEs) constitute an important part of the global economy since these enterprises are frequently serving as an engine of growth and employment (Enaifoghe, 2023). Nonetheless, SMEs have started attracting cyber threats, but most of them do not have strong cyber security mechanisms to defend their businesses. According to a study published by the European Union Agency on Cyber security (ENISA, 2020) it was found that almost 60 percent of SMEs who were victims of a cyber-attack go out of business within six months demonstrating how seriously a company can be impacted by having a lax approach towards cyber security practices (Arroyabe et al., 2024). Regardless of this, the SMEs still tend to underestimate the threat of cyber threats and do not incorporate cyber security into their overall risk management procedures. Comment by Christopher Martinez, PhD: Well introduced acronym

This study will seek to answer this gap by investigating the current state of cyber security practices among SMEs and how the practices are influencing the entire risk management policies of the organization. The issue is that it is not clear whether SMEs now integrate cyber security in their risk management strategies and whether those are effective ways to reduce the risks of operational, financial, and reputational risks linked to cyber-attacks (Benjamin et al., 2024). The study will therefore have a more vivid understanding of how the SMEs are undertaking cyber security risks and some of the challenges faced by them in their implementation and intrusion of cyber security factors in their risk management strategies.

Purpose Statement Comment by Christopher Martinez, PhD: A purpose statement announces the purpose, scope, and direction of the paper. It tells the reader what to expect in a paper and what the specific focus will be. Common beginnings include: “The purpose of this research…" A purpose statement makes a promise to the reader about the development of the argument but does not preview the particular conclusions that the writer has drawn. Also the Problem, Purpose and research questions all need to be aligned with each other Here is a link: https://education.nova.edu/summer/2017sessionmaterials/Required_T1_Alignment_Presentation_Weintraub.pdf

This study aims to investigate the effects of cyber security solutions on the risk management of the organization of small and medium-sized enterprises (SMEs) (AL-Dosari & Fetais, 2023). The scope of the qualitative study will consist of finding out what practices SMEs put in place to prevent cyber security incidents and the impact these practices have on their overall risk management. This study will seek to unravel obstacles that SMEs have experienced when attempting to implement measures to integrate cyber security into their risk management strategies and how applicable these preventive or mitigation activities have proved to be against possible risks. The proposed research aims to deliver specific recommendations to SME executives, IT specialists, and policymakers on how to outline cyber security strategies to integrate them with the organizational risk management.

Conducting the study on SMEs will allow investigating the specific issues of these organizations as opposed to large corporations, which are usually more resourceful (in terms of cyber security) (Chidukwani et al., 2022). In addition, the study will examine the way cyber security will become an essential part of the risk management approaches of SMEs, not only as a technological asset but as a risk management system in terms of prevention and response.

Research Question

This research question is the core of the study:

What is the effect of cyber security on risk management in small and medium enterprises (SMEs)? Comment by Christopher Martinez, PhD: Refined RQ: How do current cyber security practices adopted by small and medium-sized enterprises (SMEs) influence the effectiveness of their overall risk management strategies? A good Research questions https://www.sciencebuddies.org/blog/a-strong-hypothesis  Framework of Problem.pdf   hypothesis.pdf

Research Design Comment by Christopher Martinez, PhD: You will refine this with further research and methodology but a good start   Have you tried to go through AMU library to Proquest and search completed and published dissertations to see some ideas on research design.  You may find how the researcher faced some obstacles in conducting their research and how a systematic design allowed others to replicate the study.

The study that will be conducted as part of the dissertation will employ a qualitative case study design that will allow exploring the way small and medium-sized enterprises (SMEs) approach cyber security and incorporate it into the context of organizational risk management (Franco et al., 2022). The emphasis is on seeing the practical use of cyber security and its measures in terms of managing risks in SMEs.

Case Study Selection: The research will take a sample of a few SMEs of various sectors, like retail, healthcare, and manufacturing. Such organizations will be selected in terms of their provision of cyber security practices in their risk management plans. The objective is to acquire knowledge about various industries to learn how cyber security is implemented in other sets of contexts in SMEs (Arroyabe et al., 2024).

Data Collection: Semi-structured interviews will be used to gather data to obtain the opinions of important persons within the SMEs (IT managers, risk managers, business owners) (Pavlista et al., 2021). Such interviews will offer first-hand information on the integration process of cyber security measures in risk management processes.

The duration of each interview will take about 45 minutes to one hour. An interview will be done either in a face-to-face venue or by the use of video conferencing, as per the occasion.

Data Analysis: The responses obtained after the interviews will be closely examined so as to gain important insights in line with the research questions. The objective is to identify the ways CMEs are embracing cyber security metrics in the management of risks and the approaches that they are facing (Benjamin et al., 2024). The findings will be summarized through an orderly and concise process so as to draw inferences on the association between cyber security practice and risk management in SMEs.

Ethical Considerations: the research will be given ethical approval with all the participants being informed about the purpose of the study, their involvement, and provided with the willingness to withdraw at any moment (O Sullivan et al., 2021). The interviewees will receive information concerning the interventions and will consent to the interventions before they take place. In the research, patients will be given confidentiality. The names of the participants shall not be mentioned, and all data shall be maintained securely. Aggregated data will be the only information that will be reported in the final report in order to safeguard the privacy.

Reference List Comment by Christopher Martinez, PhD: You have 8 of 9 peered reviewed journal articles on this list this is a good start...strive for 80 percent. Also, each reference needs to be cited in the document or removed. Continue to add references exponentially as your research grows…heavily cite your document while synthesizing what others have said. Your reference list must grow to conduct a thorough research on your chosen topic. Check the formatting of your references against APA 7th edition

AL-Dosari, K., & Fetais, N. (2023). Risk-management framework and information-security systems for small and medium enterprises (SMES): A meta-analysis approach.  Electronics,  12(17), 3629. https://www.mdpi.com/2079-9292/12/17/3629

Arroyabe, M. F., Arranz, C. F., De Arroyabe, I. F., & de Arroyabe, J. C. F. (2024). Exploring the economic role of cybersecurity in SMEs: A case study of the UK.  Technology in Society,  78, 102670. https://www.sciencedirect.com/science/article/pii/S0160791X24002185

Arroyabe, M. F., Arranz, C. F. A., Fernández De Arroyabe, I., & Fernández de Arroyabe, J. C. (2024). Revealing the realities of cybercrime in small and medium enterprises: Understanding fear and taxonomic perspectives. Computers & Security, 141, 102395. https://doi.org/10.1016/j.cose.2024.102395

Benjamin, L. B., Adegbola, A. E., Amajuoyi, P., Adegbola, M. D., & Adeusi, K. B. (2024). Digital transformation in SMEs: Identifying cybersecurity risks and developing effective mitigation strategies.  Global Journal of Engineering and Technology Advances,  19(2), 134-153. https://pdfs.semanticscholar.org/010a/29936b274e280c2f252fb3b3de1a189c079a.pdf?_gl=1*16i53im*_gcl_au*MzY4MDAwNjQ1LjE3MzcxMzM5MDA.*_ga*MTE1NzQwNTE3MS4xNzM3MTMzOTAw*_ga_H7P4ZT52H5*MTczNzEzMzkwMC4xLjAuMTczNzEzMzkwMy41Ny4wLjA .

Chidukwani, A., Zander, S., & Koutsakis, P. (2022). A survey on the cyber security of small-to-medium businesses: challenges, research focus and recommendations.  IEEe Access,  10, 85701-85719. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9853515

Enaifoghe, A. (2023). Enhancing the role and contributions of small and medium enterprises (SMEs) in a globalized and innovative economy: challenges and opportunities. https://www.preprints.org/frontend/manuscript/2b37c392b8684ac4699882559cf4831c/download_pub

Franco, M. F., Lacerda, F. M., & Stiller, B. (2022). A framework for the planning and management of cybersecurity projects in small and medium-sized enterprises.  Revista de Gestão e Projetos,  13(3), 10-37. https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&as_ylo=2021&q=Franco%2C+M.+F.%2C+Lacerda%2C+F.+M.%2C+%26+Stiller%2C+B.+%282022%29.+A+framework+for+the+planning+and+management+of+cybersecurity+projects+in+small+and+medium-sized+enterprises.+Revista+de+Gest%C3%A3o+e+Projetos%2C+13%283%29%2C+10-37.&btnG =

O’Sullivan, L., Feeney, L., Crowley, R. K., Sukumar, P., McAuliffe, E., & Doran, P. (2021). An evaluation of the process of informed consent: views from research participants and staff.  Trials,  22(1), 544. https://link.springer.com/content/pdf/10.1186/s13063-021-05493-1.pdf

Pavlista, V., Angerer, P., & Diebig, M. (2021). Barriers and drivers of psychosocial risk assessments in German micro and small-sized enterprises: a qualitative study with owners and managers.  BMC public health,  21(1), 1376. https://link.springer.com/content/pdf/10.1186/s12889-021-11416-1.pdf