BYOD-Polcies for Mitigation of Data Loss - Research Proposal Example

BYOD -Policies for Mitigation of Data Loss Beverly Jamison George Washington School of Professional Studies Kellie Moult George Washington University School of Professional Studies BYOD- Policies for Mitigation of Data Loss Research Methods This research being undertaken is a qualitative analytical one. Its purpose is to describe the state of affairs as it exists. This will involve highlighting all the data mitigation strategies that have been put in place and, most importantly, to analyze how the various recommended strategies are effective in reducing data losses. The study does not have, or pretend to have, any control over the variables but only seek to report and interpret the findings in light of the objectives of the study (Caulley, 2007). As Jones (2002) points out in his book, this type of research is qualitative in nature as it does not seek to analyze the numbers but study the underlying motives of human behavior. It is concerned with objective assessment of the employees’ views about the data policies that have been instituted. Do they think the administration is doing enough through encryption of data, fingerprint scanning and other data protection measures that have been instituted? And as a result, have the data loss incidences decreased? This type of research, notes Marnie (2012), also focuses on particular factors that motivate people to do things the way they do, for example employee leaving with the company’s sensitive data, or to behave in a certain manner are analyzed. The research methods will discuss the research philosophy that informs this study or that the researcher subscribes to, the research strategy and the research instruments that will be utilized in the bid to achieve the objectives of the study. a) Research Philosophy This research is analytical in nature since the objective of the study is to investigate the effectiveness of the recommended BYOD data protection policies being used by the IT professionals and the Human Resource managers. A research philosophy refers to the preferred approach applied by the researcher in search of knowledge, establishing the nature of the problem and its context (Cooper and Schindler, 2006). Here, the existence of the problem, knowledge, values and reason are clearly delineated. The research philosophy of this study will include the epistemology and the research approach. Epistemology is that type of thinking where the phenomena is taken and thought to be true, a stark contrast of doxology which tends to treat the phenomena according to what is believed to be true. The objectivism epistemology will be used. Through this the researcher will have the duty of decipher and map out the reality of the situation (Bryman, 1999). The research will try as much as possible to quantify the answers provided. The data collection instruments to be employed have been structured to enable quantification of data even though they will not be empirically analyzed like in quantitative studies. Some of the answers that need quantification are those for the number of data breaches recorded monthly in an organization and the number of employees that have been granted access to the organization’s network among others. This research will be based on a positivism type of paradigm. This is the school of thought that advocates for reality and objectivity. The purpose of a research based on positivism is to find causal relationship between variables through deductive reasoning in order to be in a position to estimate probabilities and make predictions (Kasi, 2009). Flinders (2013) asserts that the problem of data loss in the corporations that have BYOD policies is real and demands real answers that are effective in mitigating the said data loss. Through objectivity, an essential component of positivism, valid answers can be derived from the research. The alternative research approach is interpretivism and realism, both of which proved inappropriate for this type of study. Positivism clearly offers the flexibility and clarity of procedures on which this type of research can be based (Bryman, 1999). For instance, interpretivists argue that for a research to be credible then it must look at the human side of the problem. They therefore place a lot of importance on the values and beliefs that the sample upholds. These feelings to positivists are not necessary; the researcher’s beliefs have no value to significantly influence the research study. What is important in positivism philosophy is that a research strategy should be selected and data collected then the effects observed through data analysis. Lastly, logical deduction is made to enable objective conclusion and recommendations (Caulley, 2007). b) Research Strategies The strategies to be employed will be mixed. A survey and case study will be employed to get an insight into the problem of data loss among the corporations employing BYOD policies as recommended by Calder (2013). Surveys should enable the research study to get data about the various practices, the situations and employees’ views through the administered questionnaires and interviews. Data analysis techniques will then be used to infer meaning from the raw data. The main reason why survey was chosen is because the study will be carried out in as many organizations as possible (Snyder, 2012). Approximately 400 IT personnel will be interviewed and served with the questionnaires. The responses will be analyzed for effectiveness with the best data loss mitigation policy under BYOD recommended for use at the end of this study. A case study strategy will also be employed in one organization. This is just for the purpose of validation of the data collected. This study tackles the issue of data security which goes to the heart of privacy of both personal data and personal data. Data protection is a global issue, therefore, for this study to have any real meaning or contribution to the data security sector then it has to be generalizable. One of the best ways of attaining representativeness and generalizability is by conducting a case study of an organization typical of all organizations with BYOD policies (Yusuke, 2013). c) Time Horizon Model The research study will employ a longitudinal time horizons model. This is because the variables studied transcend one year. This study will be conducted over a two year period; 2013-2014. The study shall also be conducted after regular intervals in the future so as to study the trend and identify upcoming issues that the previous studies had not factored. A longitudinal time horizon model is the best model given the nature of IT issues which tend to rapidly change over a short time (Raths, 2012). Since the data security strategies are fast becoming outdated as better data theft methods are being devised, it is prudent to conduct several studies from the broadest base possible in order to give up to date recommendations. For example, a few years ago, the best solution for data protection was encryption. But today there are many individuals and software that can decrypt that data. The research conducted then would have given cryptography as the only solution but the same cannot be said today. The least a modern data protection research can recommend for a corporation enacting BYOD policies is encryption coupled with data verification and protection of data from malware. d) Data Collection Methods The research population is the collection of individuals, objects or elements that the study focuses on. The research population will include the major stakeholders in the IT industry. It will include IT security practitioners, a good number of them should be working in large organizations with l000 or more employees. The sampling frame will be drawn from this population. The frame is that population that has been selected and the researcher is sure can provide the data or information required (Huberman and Miles, 1998). This study, in order to get authoritative information, will only consider only those employees from the supervisor level or higher. Purposive sampling, which is non-probabilistic, will be employed in drawing the sample. The sample is selected to provide as much information as possible on the subject (Jones, 2002). The sample size will be 40 persons per study over the two years. Questionnaires will be the primary means of data collection. Some of the questions asked in the questionnaires will be based on Pomenon study 2013. The other data collection methods will be observation and document review. Through observation, the various data protection measures being undertaken by the various corporations will be noted. Document review will aid this study to get insight of the records, for example, of the past data breaches or theft. Document review will also help interrogate past researches on the same issue and enable this study to make better up to date recommendations (Sekaran and Bougie, 2010). e) Data Analysis Techniques Data analysis is the process of summarizing, categorizing, identifying latent patterns and themes in a study and linking them so that they make sense (Marnie, 2012). After research most researchers end up with huge chunks of raw data, this data is of no use if the researcher cannot make sense of them. This research is based on a data driven market, it seeks to establish the solutions employed in one corporation, analyze its effectiveness and try to employ the same measures elsewhere if they are effective. Therefore, this study will employ a combination of induction method and content analysis (Allen, 2013). Under induction, a hypothesis will be formulated and comparisons made between measures employed in different organizations. For instance, a hypothesis like BOYD policy works better for smaller organizations than larger organizations can be used and then the study proves or disproves the hypothesis. Content analysis will be used to identify the major themes, for example, malicious insider risks, negligent insider risks, employee owned mobile devices, data protection measures effectiveness and many others (Raths, 2012). These methods of data analysis were the most relevant to be used in this study given the nature of the research questions asked, the theoretical framework of the study and lastly their appropriateness to such qualitative type of study. f) Data Validity and Ethical Issues Although the research is dealing with a highly contentious issue the research questions do not pose any physical, psychological or emotional damage to the participants. The research questions along with the objectives of the study, the methodology and framework will be filled in an ethical form and submitted to the ethical board for approval before the commencement of the study. As for informed consent of participants, the questionnaires will directly provide that the participants fill it voluntarily. The secondary data from the various sources such as data theft records will be obtained and used with direct consent from the owners of the documents through a written consent note. Interviews will also be conducted with the consent of the interviewees and any information provided will be used only for the purposes of research. A different consent form will be drafted for different participants. The other issues are protection of personal data and privacy of individuals and ensuring validity of the data is not compromised by the researcher’s subjective judgments. In order to protect the anonymity of individuals their comments will be made anonymous by generating false names or using codes instead of real names. The participants may also be asked not to provide their personal details so that the data cannot be traced back to them if itfalls into wrong hands. The secondary data used will be returned in the custody of the owner. The data collected will then be destroyed after data analysis. The questionnaires will be scanned and stored in a secure computer system while the physical questionnaire papers will be destroyed so that they do not fall into wrong hands (Yusuke, 2013). As for data validity, the internal validity will be guaranteed through showing a cause and effect relationship between the variables (Marnie, 2012). It will show a causal relationship between BYOD employing corporations and increase in data breach and theft. Snyder (2012) points out that the external validity factor is aimed at assessing whether the study is generalizable. It seeks to determine whether the same results can be obtained if the same study is conducted at a different time or on a different location or conducted by a different person. The survey strategy used coupled by the purposive sampling technique where the people with information are the ones consulted should ensure that the study is generalizable to a good extent (Caulley, 2007). The researcher hopes that this study will be able to get useful findings that will enable recommendation of workable solutions for corporations having BYOD policies. The recommendations if implemented should significantly reduce the threats and actual loss of data; and where it has already been lost, they will mitigate the loss. References Allen, B. (2013). Is it time for a BYOD policy? Enterprise/Salt Lake City, 43(14), 15-20. Bryman, A. (1999). Research Methods and Organization Studies. London: Unwin Hyman. Calder, A. (2013). Is the BYOD Movement worth the risks? Credit Control, 34(3), 65-70. Caulley, D. (2007). Review of Qualitative research methods for the social sciences. Qualitative Research Journal, 6(2), 227. Cooper, D., & Schindler, P. (2006). Business Research Method. Boston: McGraw-Hill Irwin. Flinders, K. (2013). Overcoming BYOD challenges. Computer Weekly, 9/24/2013, 17-19. Huberman, A., &Miles, M. (1998). Data Management and Analysis methods. Qualitative Materials, 5(6), 89-107. Jones, S. (2002). Rewriting the Word: Methodological strategies and issues in qualitative research. Journal of College Student Development, 43(4), 461-474. Kasi, P. (2009). Research: What, Why and How? A Treatise from Researchers to Researchers. Bloomington: AuthorHouse. Marnie, K. (2012). Research column: Situating methodology within quantitative research. Journal of Education, 22(4), 45-67. Raths, D. (2012). Are you ready for BYOD? T. H. E Journal, 39(4), 28-32. Sekaran, U., and Bougie, R. (2010). Research Methods for Business: A Skill Building Approach. Chester: John Wiley and Sons. Snyder, C. (2012). A case study of a case study: An analysis of a robust Qualitative Research Methodology. Qualitative Report, 17(6), pp. 20-32. Yusuke, M. (2013). Rethinking a case study method: A comparative analysis method in qualitative research. Japan International year book, 18(4), pp.87-90. Read More