and Critique of IMRAD Article 7
and Critique of IMRAD Article
and Critique of IMRAD Article
InformationTechnology (IT) Systems have not only made work faster and easier buthave also created an opportunity for a new type of security threat.Today, computer assets are being targeted. Often, the attackers seekto obtain or destroy vital information. Consequently, data andcomputer asset protection has emerged as a critical issue in ITcycles. Several studies have been conducted on the matter however,Kim (2013) was interested in testing computer security models andhuman behavior at the workplace. At the end of the study, theresearcher hoped to propose and empirically test a model of computersecurity that would help employees adopt the correct attitude andbehaviors towards security issues at the place of work.
Toachieve his goal, Kim (2013) adopted a qualitative researchmethodology whereby 50 MBA students who also had a job participatedin an online survey. The respondents were required to fill in theweb-based questionnaire and submit them via emails. The researcherapplied the TRA, Moral Obligation and PMT theories as the preferredtheoretical frameworks that would enable him to understand thebehaviors and attitudes of individuals in the workplace towardscomputer security issues. Upon conducting a comprehensive dataanalysis, Kim (2013) found out that organizational factors influencedthe employee’s behavior towards IT security issues. The study alsounveiled that moral obligation also played a role in determining anindividual’s sense of obligation and intentions towards computersecurity issues. The researcher concluded that organizational normsmainly security policies and individual factors, especially moralobligation have an impact on employees’ attitude and behaviortowards IT information threats. However, the security policiesinfluence an individual`s moral obligation towards computer security. This result and conclusion are significant to practitioners as itreveals the real factors that would lead employees to adopt positivecomputer security behavior, especially now that it had beenestablished that organizational security policies did not havesufficient impact on the employee’s security behavior.
Inthe introduction section, the researcher provides informationregarding the research topic by highlighting the computer securitythreats that organizations encounter, the negative impact, and someof the measures that organizations undertake to ensure that theirinformation and computer assets are safe. The introduction is brief,but it supports the study topic sufficiently because it touches onall the aspects that the researcher needs to explore in order topropose a computer security model that would enable interestedparties to comprehend the behaviors of employees towards computersecurity issues.
Indeed,the author has extensively examined the studies by other researcherson the topic and recognized that most of them identified models thatwould assist employees to adopt better behaviors towards IT securityissues. However, there was a research gap since none of the studiespresented findings, which demonstrated that researchers fullyunderstood the interplay among individual’s behavior, theirnormative beliefs, and organizational factors. Therefore, there was aneed to perform the study and contribute to new knowledge byintroducing a comprehensive model that explains workers behaviortowards computer security issues based on the examination ofindividual/ personality factors.
Therefore,one can state that the introduction section achieved the qualityinformation threshold because it contained the relevant informationregarding the study topic. The basis of this comment is that theauthor was able to show the larger picture of the study and hassufficiently established credibility for his study by demonstratingthe information gap left behind by other researchers.
Regardingthe research methods, Kim (2013) opted to conduct a qualitativestudy. A total of 50 MBA students who also were working participatedin the online survey 1. The interviewees were requested to fill inthe questionnaires and submit them via email. Based on the researchgoals, a qualitative research approach was appropriate because itenabled the author to explore the individual factors that influencedone’s attitude and actions towards computer security threats.Moreover, the method was the only process that would provide him withdescriptive feedback that could be evaluated against the researchmodels.
Onemay assess the validity and quality of the study methodology byquerying the appropriateness of the theoretical perspective andframework, the sampling, and data collection procedures. Thus, sincethe author sought to establish the individual factors that lead toone’s attitude towards computer security issues, then, the TRA, PMTand Moral obligations theories suited the research goals because allof them explain human behaviors. Additionally, the research model,which consisted of six security threat dynamics and three personalityfactors, were interconnected with thirteen hypotheses. They presentedan experimental model for understating computer security behavioralintentions among employees. Importantly, the survey sampledresponses from interviews who worked in different sectors such asmanufacturing, telecommunications, and banking among others. Thediversity in the sampling ensured that the data gathered was indeedrepresentative of employees despite their employer.
Thus,it is evident that the research method is valid and others can adoptit to conduct a similar study. To some extent, one may consider themethodology novel because of the research model developed to assistKim to understand the complex relationship between individualbehaviors and computer security issues.
Kim(2013) investigated a total of thirteen possible outcomes therefore,it is clear that the results were expected to be lengthy andcomprehensive. To avoid confusion and wrongful analysis, the raw datawas grouped into various categories such as gender, age, department,job tenure, industry type and the number of employees. Evidently,this categorization made it possible for the researcher to organizeinformation into relevant data sets that would facilitate dataanalysis quickly. Moreover, the research model was incorporated intothe results, thereby giving the audience a chance to picture thestrengths of the various hypotheses and how they affect theemployee’s behavioral intentions. The strengths were calculated byestablishing the coefficient of determination.
Thequality of the results may be assessed by determining whether theyare easy to follow, clear, correctly labeled, and visually appealing.By and large, the author used tables to ensure that the results arevisually appealing. Furthermore, all the sub-categories are vivid andcorrectly labeled such that it is easy to follow as well as clear foreveryone to see and read. Therefore, the results sections may nothave been brief as recommended but the author ensured that albeitlengthy all the information shared therein was important and relevantto the study.
Itis common practice to merge the discussions and conclusion. However,a separation of the two sections is better because it helps theaudience distinguish between these two sets of valuable information.Nonetheless, the most critical aspect is that the author/researchercommunicates to the audience the findings and explains theirrelevance. In this study, the author communicated the findings andwas keen to link each result to a guiding theory. The significance ofsuch an action is that the audience can clearly understand theindividual factors in light of the behavioral theories.
Itemerged that moral obligation had a substantial impact on theemployee`s behavior regarding computer security issues. It alsoemerged that response efficacy played a significant role indetermining one’s reaction to IT security issues. The section alsoincluded information that suggested some of the possiblebeneficiaries of the study. This was a precursor to the final sectionthat was dedicated to explaining to whom the study would be mostbeneficial and why.
Overall,the study by Kim met the quality threshold. In fact, the process canbe replicated and the findings compared. The author strived touphold the best research practices nevertheless, it is clear thatperhaps a mixed research approach would have mitigated the weaknessesof a purely qualitative study. The inclusion of quantitative datawould have seen the study become perceived as more objective.Moreover, the mixed approach would have provided quantitative data,which tends to be considered more factual and analytic of thesituation. Furthermore, the sampling would have included othercategories of employees beyond MBA students. The issue of concernabout targeting MBA students is that the respondents may not providean accurate description of the employees because this subgroup islikely to have a heightened awareness towards the issue and mayconstrue their responses to meet the researcher`s expectations.
KimHY. 2013. Understanding computer security behavioral intention in theworkplace.
Information,Technology, and People 26(4): 401-419.