ICT615 INFORMATION TECHNOLOGY RESEARCH METHODS

MURDOCH UNIVERSITY

ICT615 INFORMATION TECHNOLOGY RESEARCH METHODS

Assignment 2 

Submission dates:

·          Week 13

·          Written submission Sunday Week 14 

Worth: This project is worth 30% of your final grade 

Submission instructions: You should submit your assignment from the ICT615 LMS site. You can receive email notification that your assignment has been received. Late submissions will be penalised at the rate of 5 marks per day late or part thereof unless an extension has been obtained.

You should submit your assignment as one word-processed document. So your work doesn't get mixed up with others’, ensure that your name is on your assignment and use a filename that clearly identifies it. If you are working in pairs put both surnames in the filename, but submit a copy of the assessment each, so that it is easier to provide feedback. You must keep a copy of the final version of your assignment as submitted and be prepared to provide it on request.

The University treats plagiarism, collusion, theft of other students’ work and other forms of dishonesty in assessment seriously. For guidelines on honesty in assessment including avoiding plagiarism see http://our.murdoch.edu.au/Educational-technologies/Academic-integrity/

Behavioural Security Research Project 

This assignment is intended to provide you with the experience of undertaking and writing up a complete research project. As you know from Assignment 1, whilst much has been written about behavioural security, there is still more research needed. Many previous findings have been inconclusive, and IT security continues to be a problem.

For this project you are provided with a set of data relating to users’ passwords and their perceptions of security threats. It has been collected from users of the Internet who have web accounts. The study was designed as an experiment where the treatment group were exposed to password security information and training. 

Your first task is to formulate a research question or several related research questions that relate to this topic and can be answered using the set of data. You will be helped to analyse the data in order to answer your research question(s). You will give a brief presentation to the class outlining your proposed research (in class Week 13) this will allow you to get feedback on your research questions, hypotheses and preliminary results. You will also write up your results in the format of a conference paper (to be submitted Week 14).

Possible research questions might include:

Does exposure to password security information and exercises improve intention to comply with password guidelines?

• Does exposure to password security information and exercises improve password strength?
• Does gender influence password security?
• What factors influence intention to comply with password guidelines?
• What factors influence password strength? 

You need to work in the same groups where you finish assignment 1. 

You will be given:

1.      Information about how the data was collected (Appendix 1 in this document)

2.      A list of all the variables included in the dataset (Appendix 2 in this document)

3.      A data set containing the raw data (in both SPSS (.sav) and Excel format (.xls)) –download from the ICT615 LMS site

4.      A copy of the survey used to collect the data - can be download from the ICT615 LMS site

If you find that you need more information about the way in which the data was collected just ask me. 

You need to:

1.            Undertake background reading to review the relevant literature. You can use studies you find for assignment 1, but you cannot just copy and paste the literature review from assignment 1 to assignment 2. You need to rewrite and restructure the writing based upon your work in assignment 2.

2.            Decide exactly what research questions you want to answer (and generate hypotheses if appropriate)  

3.            Consider how the data should be analysed in order to enable your research questions to be answered

4.            Get the data analysed (if the results you need aren’t included in the Topic 9 Data Analysis Session, I can do it for you, or I can help you do it)

5.            Present a brief outline of your research/paper in class

6.            Write up your research in the form of a paper suitable for publication at a conference.

Note: Stages 2 to 4 can be done in collaboration with the rest of the class, but the presentation and research paper should be created in group. 

Presentation:

The presentations should be approximately 5 minutes in length (with a maximum of 10 minutes) and given during the Week 13 class. The presentation will be worth 10% of the mark for the Project. 

The presentation should include:

1.      Background literature

2.      Justification for the research

3.      Research questions (and hypotheses if appropriate)

4.      Any preliminary results you have

5.      Discussions (e.g., implications for research and practice) (highly recommended if you have any results, though not listed in the rating sheet) 

The tutor will evaluate the presentation in the lab tutorial. 

Research Paper:

The research paper you submit should include the following sections:

1.            Title

2.            Abstract

3.            Introduction

·         Provide enough background

·         including a brief statement of the problem you are investigating

4.            Literature Review - brief review of the literature relevant to the problem

5.            Research hypotheses – include your hypotheses in this section (and make sure that you provide a justification for each of them)

6.            Research design – you can copy as much as you like from Appendix 1.

7.            Results - create your own tables – don’t just cut and paste the SPSS output, clearly state what you found and whether each hypothesis is supported or not 

8.            Discussion (Implications for theory, practice, limitations and opportunities for future studies)

9.            Conclusion

10.        References (referencing should be in APA style) 

Make sure that you cite previous work properly! 

Length: Approximately 2500 - 3000 words

APPENDIX 1 - Information about how the data was collected

The target population for this study was Internet users who hold at least one online email account. To obtain a sample with a wide range of backgrounds a third party recruiting company, Authentic Response Inc., was used and participants were recruited through email invitations to their panel. A total of 3830 email invitations were distributed.

Participants were randomly allocated to two groups: a control group, and a treatment group that received password security information and training.  Each group undertook a separate data collection session administered online using SurveyGizmo. The control group session took approximately 15 minutes and collected the following information:

• A typical password (later analysed for password length and password strength)
• Longest password ever voluntarily used
• Number of email accounts currently held
• Whether have voluntarily changed email passwords
• Whether have previously shared email passwords
• Self-rated computer skill
• Self-rated security knowledge
• Whether have previously been hacked
• Gender
• Age
• Highest level of education
• Perceived Severity
• Perceived Self-efficacy
• Perceived Effectiveness
• Perceived Cost
• Perceived Vulnerability
• Perceived Threat
• Intention to Comply (with password guidelines).
• New Password (later analysed for password length and password strength) 

The treatment group data collection session, completed in approximately 25 minutes, consisted of the same measures of the same variables, plus a password security information and exercise segment that was completed after the background information about participants and their practices was collected and before the main constructs were measured. The password security information and exercise were developed using material from NIST (Scarfone & Souppaya, 2009), US-CERT (McDowell, Rafail, & Hernan, 2009) and Certified Information Systems Security Professional (CISSP) (Stewart, Tittel, & Chapple, 2008). 

In order to ensure validity and reliability of the items, previously validated items were adopted where possible. The sample survey shows the items used (note: not all items in the sample survey are included in the data set). With the exception of Intention to Comply, all the main constructs were measured on a 7-point Likert-type scale. The items to measure Perceived Severity and Perceived Vulnerability were adapted from Boss (2007) and Zhang and McDowell (2009). The items to measure Perceived Threat and Perceived Cost were adapted from Milne, Orbell and Sheeran (2002). Perceived Effectiveness was measured using items adapted from Zhang and McDowell (2009) and Perceived Self-efficacy with items from Compeau and Higgins (1995). The items to measure Intention to Comply were adapted from Bulgurcu, Cavusoglu and Benbasat (2010) and measured on a 7-point scale where (1) was labeled ‘not at all likely’ and (7) was labeled ‘very’.  

Password strengths were analysed using an approach based on Shannon (2001) adapted to meet NIST guidelines (Burr, et al., 2006; Scarfone & Souppaya, 2009). Summary variables for each construct were calculated as the average of the items used to measure the construct (see sample survey).   All constructs had Cronbach alphas of over 0.80 indicating acceptable reliability.

APPENDIX 2 – Variable definitions 

 To View Complete Question See Below