CHAPTER 4: RESEARCH METHODOLOGY

4.5 Data Collection Process

123 Justification for the chosen research design

A descriptive research design is adopted due to the nature of this research study. It is a research design which is used to depict the participants in the proper way. It is about describing the people that take part in the research study. There are three procedures the researcher can use in a descriptive research study: observational, case study and survey. McCusker and Gunaydin (2015) discussed that this type of research design collects information from the target population in order to describe the preferences and characteristics as well as practices. An example of a descriptive survey is using a questionnaire to solicit the information from the participants based on the selected research topic. The descriptive statistical techniques consist of three purposes:

describe the relationships among the variables, describe the variables and describe the distributions (Matthews and Ross, 2014). A descriptive design is accurate for this particular study as it examines the mediating effect on the users’ addictive behaviours on the relationship between information security countermeasures and risky cybersecurity behaviour practices.

Figure4.3: Design selection (Source: Created by author)

124

process. Therefore, it should be carried out with the utmost care and accuracy in order to obtain the desired results.

While conducting the research, the information is being accounted as the most critical data which is required for this specific investigation. Sensitive information is valuable to provide knowledge relating to the selected topic. Matthews and Ross (2014) indicated that use of the best possible data is significant to the investigation resource to convey the exactness of information while maintaining the research standard. At the time of collecting the survey data, it is necessary to verify the research settings which are discussed in Chapter 3 in the conceptual research framework. The tools as well as techniques of data collection help to collect the required data (Clark and Creswell, 2014). With the help of the data collection tools, it is necessary to transfer facts from the field into data as well as tables. In the process of data collection, there is the possibility that some of the data information will be lost (McCusker and Gunaydin, 2015). Proper information is being collected as well as utilized for the purpose of data analysis as well as interpretation.

4.5.1 Data Sources

In this research study, the data collection tool or instrument used for collecting data is an online survey questionnaire. It is the main instrument used for a survey research study. A set of standardised questions on the selected research topic –which is examining the mediating effect of the users’ addictive behaviours on the relationships between information security countermeasures and risky cybersecurity practices– is prepared to collect data from the individuals. The questionnaire is designed so that statistical analysis of the collected responses can be performed (Matthews and Ross, 2014). At first, the researcher prepared the survey questions based on the selected research topic. While preparing the survey questions, the

125

researcher should ensure that there is no influence on the received responses. The question design should reflect the aims of this research study as well as the objectives. Then, the researcher shared the survey link with the target sample population via email and WhatsApp, to obtain their responses. After obtaining their responses, the researcher collected raw data in SPSS format. The collected data are analysed the various views of the group of people from the selected population are interpreted (Humphries, 2017). The variables for the questions are taken from the identified research hypotheses, which are considered as the main data set from the survey instruments. At the time of data interpretation, the data are analysed in the form of pie charts and tables.

4.5.2 Data Analysis

Data analysis is the process of inspecting, critically analysing and transforming the collected data to meaningful information (Mi et al., 2017). The obtained information is used to come up with a conclusive report on the research questions. The purpose of analysing the data is to enable the researcher to create an informed conclusion which will help them to make precise decisions. Data analysis is performed to create a visual representation of the collected data. In other words, the purpose of analysing the data is to generate graphs, charts and tables which show the trends of the aspects being researched. The collected data cannot be interpreted if it is not analysed. The process of analysing the data can be carried out through a qualitative approach or a quantitative approach. In qualitative analysis, fine details are sorted from the data to enable the researcher to come up with accurate conclusive information. On the other hand, quantitative analysis is where a general view of the research topic is created (Jacobi et al., 2016).

A quantitative approach is used in this particular study. The data from the research survey, such as regarding the UAE’s public organisation services, are required to provide the

126

raw data used to recognise as well as explore the information security culture. They also explore the challenges to promote as well as enhance the information security culture. McCusker and Gunaydin (2015) stated that the data collection process aims to provide raw data as well as information which helps to develop the information security model culture. This particular stage is involved to distribute the structured questionnaire to the organisation. It involves the conduction of an in-depth analysis of the key personnel’s feedback. The key personnel give their opinions as well as attitudes towards the information security culture along with the factors influencing the information security culture. The main purpose of the questionnaire method is to explore as well as identify the culture and help with the development of an initial information security culture model (Simonsohn et al., 2017).

The purpose of quantitative analysis is referred to emergent of the research methodology developments with systematic integration. The purpose of this data analysis is expanding and strengthening the conclusions of the research study, and therefore contribute to the published literature. The quantitative analysis method contributes to answering the research questions (Matthews and Ross, 2014). The core characteristics of the quantitative data analysis method are:

I. Collection and analysis of quantitative data such as closed-ended questions (Panneerselvam, 2014).

II. Ensuring a specific sample size for the quantitative analysis of the study.

III. Integration of data by means of data collection and analysis

IV. Framing of theoretical models of the research study to understand the various perceptions of various authors on the relationship between human behaviour and information security (Simonsohn et al., 2017).

127

Quantitative data analysis is performed by considering the respondents from the UAE’s public organisation and using a survey questionnaire data instrument. The value of raw data is considered in the form of numerical values where each piece of data has a unique numerical value linked with the research study. It is collected for performing statistical analysis by means of a survey across the sample population.

There are various types of data analysis which can be performed (Mi et al., 2017). The analysis types are text analysis, statistical analysis, diagnostic analysis, prescriptive analysis and predictive analysis. The analysis conducted in this thesis is text analysis. This type of analysis creates a pattern of traits from the sample results that were obtained. In this context, the data were analysed to give a logical pattern of how information security countermeasures influence employees’ risky behaviours towards managing cybersecurity.

Figure 4. 4: Research approach (Source: Created by author) 4.5.3 Data Interpretation

The last phase of data collection is the interpretation of the analysed data (Fetters and Molina-Azorin, 2019). This is the phase in which the researcher comes up with a conclusion on the research they were undertaking. The purpose of data interpretation is to find out the outcome of the research in relation to the research question. In this thesis, the researcher developed a conclusive report on the findings of the research (Fetters and Molina-Azorin, 2019). Data interpretation can be conducted through comprehensive reports, tables, charts or graphs. At this point, the findings can be presented to the relevant audience for decision making. The conclusion

Positivism Deductive Descriptive Quantitative Survey

128

can be positive or negative to the research question. In this case, it can either agree or disagree that the information security countermeasures can truly influence the employees’ risky behaviours. Sometimes, data interpretation is referred to as data visualization since the data are represented in the form of graphics (Fetters and Molina-Azorin, 2019).

4.5.4 Data Presentation

Once all the data have been analysed and interpreted and reports generated, the reports are made available to the target organisation (Gray, 2019). The organisation uses the reports to make informed business decisions on the problem being addressed. The reports can be submitted directly to the specific organisation or made available online for multiple organisations. The purpose of this research was to identify the relationship between organisations’ information security countermeasures and minimising risky behaviour practices. Therefore, the results of the research can be presented to different organisations. If the research findings are not presented but remain with the researcher, then the research can be considered to be of no use (Viswanadham, 2018).