Information Security Change University Of Fairfax Date 07112

Information Security Changeuniversity Of Fairfaxdate 07112020amar

Analyze the different types of research studies—descriptive, relational, and casual—including their purposes, methodologies, and examples. Discuss how a security professional might choose between these research types when conducting information security research, referencing relevant scholarly sources to support your analysis.

Paper For Above instruction

Research methodology plays a crucial role in shaping the effectiveness and precision of academic and practical inquiries, especially in fields such as information security. Among various research types, descriptive, relational, and causal studies each serve distinct purposes, employ different techniques, and provide unique insights. Understanding these differences is vital for security professionals aiming to base their decisions on robust research, data, and scientific evidence.

Descriptive research is primarily concerned with describing characteristics of a phenomenon or a population. Its aim is to depict the "what" aspect rather than establishing causes or relationships. For instance, in an information security setting, a descriptive study might involve surveying organizations to gather data on the current security practices or the frequency of cyber incidents. Such a study might involve questionnaires, interviews, or observations, and the key deliverable is an accurate portrayal of the existing situation (Creswell, 2014). This approach allows security personnel to understand the scope of issues, identify common vulnerabilities, and develop baseline metrics for future improvements.

In contrast, relational research investigates the relationships or associations between two or more variables. It does not, however, attempt to determine causality. For example, a relational study might explore the correlation between the level of employee cyber awareness and the frequency of security breaches within organizations. Data collection can involve surveys and statistical analyses to establish the strength and direction of these relationships (Trochim & Donnelly, 2006). This type of research helps security professionals to identify potential risk factors or influences, such as the relationship between training frequency and phishing attack susceptibility.

The third type, casual research, aims to examine causality—how one or more variables directly affect another. This approach often involves experiments, whether in controlled laboratory settings or real-world environments. For instance, a casual study might test the impact of implementing a new security protocol on employee response times during simulated attacks. The primary goal is to determine cause-and-effect relationships, which can inform policy decisions, security protocols, and resource allocations. Experimental methods, control groups, and statistical tests are typical tools used in causal research to establish these interactions (Shadish, Cook, & Campbell, 2002).

Choosing the appropriate research type depends on the specific question a security professional seeks to answer. If the goal is to understand the current landscape or prevalence of security issues, a descriptive approach is suitable. If the aim is to explore potential associations between variables, a relational study is advantageous. When the focus is on establishing the effectiveness of interventions or understanding cause-and-effect dynamics, causal research becomes necessary.

For example, a security analyst conducting research on employees' password hygiene might start with a descriptive study to assess current behaviors, then move on to a relational study to examine the correlation between training frequency and password quality, and finally implement a causal experiment to test the effectiveness of different training methods. This progressive approach ensures comprehensive understanding and evidence-based decision-making.

In my perspective as a security professional, integrating different research methods can provide a holistic view of the security environment. Descriptive studies set the foundation by identifying what exists; relational studies reveal possible connections; and causal studies validate the effectiveness of interventions. Combining these approaches, supported by scholarly research such as Creswell (2014) and Trochim (2006), contributes to more informed and effective security strategies.

References

• Creswell, J. W. (2014). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. Sage Publications.
• Trochim, W. M. K., & Donnelly, J. P. (2006). Research Methods Essential Knowledge Base. Atomic Dog Publishing.
• Shadish, W. R., Cook, T. D., & Campbell, D. T. (2002). Experimental and Quasi-Experimental Designs for Generalized Causal Inference. Houghton Mifflin.
• Denning, D. E. (2013). "The Science of Security." Communications of the ACM, 56(2), 18-20.
• Whitman, M. E., & Mattord, H. J. (2018). Principles of Information Security. Cengage Learning.
• Gordon, L. A., & Loeb, M. P. (2002). "The Economics of Information Security Investment." ACM Transactions on Economics and Computation, 2(2), 125-146.
• Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley.
• Scarfone, K., & Mell, P. (2007). "Guide to Intrusion Detection and Prevention Systems (IDPS)." NIST Special Publication, 800-94.
• Herley, C., & Florêncio, D. (2010). "A Research Agenda for End-to-End Security." IEEE Security & Privacy, 8(2), 34-41.
• Vom Brocke, J., & Simons, A. (2021). "Design Science as a Method for Addressing Grand Challenges." MIS Quarterly, 45(1), 1-8.