Response

profilecrucero
response.docx

Response:

Please respond to these 4 colleagues' postings.

In your responses, be sure to do the following:

· Address the content of each colleague's analysis and evaluation of the topic, as well as the integration of relevant resources.

· Address the question(s) posed by each colleague for further Discussion.

· Analyze the relationship between each colleague’s posting to other colleagues’ postings or to other course materials and concepts, where appropriate and relevant.

· Include proper APA citations.

Colleagues' postings 1:

When conducting my literature review I found two articles that are both quantitative. Each is based on information security and the impact it has on organizations. Flowerday and Tuykieze identified the major concepts that are needed in the development and implementation stages. The study constructed a survey to collect information from 400 security professionals. 200 of which are based in the United Kingdom and the other 200 are in the United States. The way they administered the survey was through Survey Monkey. They were asked several questions ranging from the type of organization they were in to their gender. After asking several basic questions the respondents they were asked questions on the proposed framework. The answers were the ran through SPSS identifying the most important constructs, most valuable framework etc. Safa et. al. brought forth how employees attitudes can change when information security policies are implemented. The study mentions the need for organizations to involve their employees when implementing security policies. Safa and his colleagues use the social bond theory as their theoretical framework. The Social Bond Theory describes how individuals who have stronger social ties, engage in less deviant behavior. The four elements in this theory are attachment, involvement, commitment and personal norms. To shape the study Safa and his colleagues created 7 hypotheses.

H1. Information security knowledge sharing has a positive effect on employee’s attitude towards compliance with ISOP.

H2. Information security collaboration has a positive effect on employee attitudes towards compliance with ISOP.

 H3. Information security intervention has a positive effect on employee attitudes towards compliance with ISOP.

 H4. Information security experience has a positive effect on employee attitudes towards compliance with ISOP.

H5. Attachment has a positive effect on employee attitudes towards compliance with ISOP

H6. Commitment has a positive effect on employee attitudes towards compliance with ISOP.

H7. Personal norms have a positive effect on employee’s attitudes towards compliance with ISOP.

In this study Safa at. el., collected data from employees from four different companies who have already established proper information security policies. The data was collected by means of the Likert scale and questionnaires.

            What I see in these two quantitative studies is that they both used some type of questionnaire and/or survey. If I were to propose a quantitative study I would probably use these types of methods to collect data. I would build a survey and pass it out to the departments who need to implement security policies or have policies in their department. The survey would ask questions like this “Rate the information security policy at Southwest Texas Junior College (SWTJC)”. I could use the research instruments Survey Monkey and SPSS because I have used both heavily for my job. I can draw from the hypothesis used to create my own. As for the frameworks, I am not entirely sure they will be able to reflect what I am doing in my study. 

Questions I have are:

· Would the social bond theory work as my framework if I am proposing security policies to educational institutions? If not do you have any theoretical framework in mind for my study?

· Should I ask surrounding colleges in the area if they are interested in participating in the study?

· Should I limit myself to only the technology department or administer the survey to departments who handle private information as well?

  

Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: the what, how and who. Computers and Security, 169-183.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers and Security , 70-82.

 

Colleagues' postings 2:

Most papers on the use of human-machine interfaces by the elderly mention that old age is associated with a measurable reduction in intellectual skills (Zajicek, 2001). That decline seems to affect the amount of new information acquired. And with that says Zajicek (2001), the older computer user will experience problems learning how to use applications. Start-Hamilton (1999) calls this type of learning “fluid memory”. With this memory, we can explore, make mistakes, and learn how to use a user interface. There is no formal training or “cultural practices” to call on to help learn the interface. Once the interface is mastered, older people are not as able to retrace their steps to a routine as younger people are able to (Zajicek, 2001). A similar analysis is found in Rau (2002). Both papers used an experimental design methodology.

Rau (2002) conducted experiments to find how older people liked touch screens and voice control, which was referred to as direct manipulation devices, and indirect manipulation devices such as a mouse. The first hypotheses said that the browsing performance and attitudes will be better with a direct manipulation device rather than an indirect device. The second was similar looking at keyword searching performance would be better with a direct type of device. Zajicek (2001) also looked at voice as a better type of device; however, only a pilot study of eight subjects was performed.

Both papers helped my understanding of possible physical problems that should be understood and known when studying elderly computer use. Both had similar theoretical frameworks when performing the research. The Rau study found that older users with touch screens were quicker and less frustrated than others using voice control and mouse devices. That seems interesting to me. What is it about touchscreens that make them easier to use for the older user? I believe that pressing (touching) buttons or dials on a touchscreen are similar to what the elderly experience in the world.

References

Rau, P., Hsu, J. (2002, October 4). A Study of Interaction Devices and WWW User Interface Design for Older Adults. Proceedings of the Human Factors and Ergonomics Society: 46th Annual Meeting. Baltimore, Maryland. (219-223).

Stuart-Hamilton, I. (1999). Intellectual changes in late life. Psychological Problems of Ageing. Chichester, England. Wiley.

Zajicek, M. (2001, May 22). Interface Design for Older Adults. WUAUC 2001, Alcacer de Sal, Portugal. (60-65)

Colleagues' postings 3:

In my opinion I think that the survey strategy is very helpful if it is done correctly. Dr. George Smeaton stated that if the survey was ranked from the least uncomfortable question and works it way to uncomfortable questions, that the person taking the survey would begin to build a rapport (Laureate Education, 2008e). This is helpful when the researcher is looking to ask questions that could be considered sensitive in nature. After watch Dr. Smeaton’s clip, I have considered how my topic of cybersecurity would fall into the sensitive arena. My research would be asking IT staff questions about the process that is used in various incident situations. It is not common for people to want to speak open about this, because they feel it may affect them in a negative way.

Along with completing a survey, conducting an experiment may be just as negative. When an experiment is performed there are outcomes that sometimes are not the most favorable. One example of this is if an experiment had too many choices and the user just felt overwhelmed. When that happens (Schwartz, 2006) mentioned that those involved in the test may suffer from “choice paralysis”. In a cybersecurity perspective something similar could happen. If the users were given too many options to secure their data. With that said, I don’t think an experiment would work for my topic. While I could implement a security policy, it would take a substantial amount of time to get the policy implemented and followed.

I believe that conducting a survey will be helpful and prove to work better when conducting an experiment. The reason is the anonymity of the survey. The users are able to fill it out and not feel that they are at risk of getting in trouble for answering honestly.

1. If I did a survey, do you think it would matter if it was written or electronic?

2. I have reviewed 15 or more survey’s and they all ranged from 10 to 35 questions. What do you think is a good number? Why?

References:

Chapter 3 -- Survey Research Design and Quantitative Methods of Analysis for Cross-sectional Data. (n.d.). Retrieved August 01, 2017, from http://www.ssric.org/trd/modules/cowi/chapter3

Laureate Education (Producer). (2008e). Quantitative methods: An example[Video file]. Retrieved from https://class.waldenu.edu

Schwartz, B. (2014, July 31). More Isn't Always Better. Retrieved August 01, 2017, from https://hbr.org/2006/06/more-isnt-always-better

Colleagues' postings 4:

Creswell (2014) describes survey research is providing a quantitative or numerical description of trends, attitudes, and or opinions that represent a population by studying a sample of that population. It includes cross-sectional and longitudinal studies that utilize questionnaires or structured interviews. The goal is to generalize from a sample to the population. This would apply to my research which would be utilizing a survey. I would be choosing a general population of IT security managers and would select a sample population one by receiving the completed surveys and two by using questions in the survey that would limit the sample population possibly by years of experience.

Crystal continues by describing experimental research is seeking to identify a specific treatment that influence is an outcome. One group would receive the treatment and the other group would not. The results would be compared. The experiments can take the form of a true experiment where random assignment of subjects to a specific treatment condition is used, or a quasi-experiment where nonrandomized assignment is utilized, or a single subject design. Given my pursuit of a set of best practices that would be derived from the responses of the survey from the IT security managers, I don't see where a single subject design would apply or even an experiment. I would imagine that I would somehow have to get a specific set of managers to agree to participate in an experiment and in my case this would not be practical. Given that my population would be IT security managers, I really don't see where they would have time to participate in anything other than a short survey.

My questions to the class would be:

1. If I was going to use a sample population of IT managers in the greater area of Cincinnati, how would it be possible that I could use an experimental research approach?

2. Wouldn't an experimental research approach require me to set up an environment where I would be testing different security mechanisms in specific locations of the virtualization environment? I would think that the experimental research approach would require me to focus on the machines applications, and not the human response is a survey would.

 

References

Creswell, J. W. (2014). Research design: Qualitative, quantitative