CHAPTER 3

RESEARCH METHODOLOGY

3.1 Introduction

The increasing reliance on technology and the interconnectedness of DESD have raised
concerns regarding cybersecurity in the military. This research aims to investigate the factors that
contribute to successful cybersecurity risk management in this context. It will analyse existing
research articles and conduct survey to the employee and structured interviews with key
personnel responsible for risk management. This study explores the emerging threats faced by
DESD in terms of governance, risk management practices, culture, and awareness.

This research aims to identify the critical components of cybersecurity risk management
in DESD, analyse the emerging threats faced by DESD, and develop a framework for
cybersecurity risk management in DESD. This framework will serve as a guide for DESD to
improve their cybersecurity risk management strategies and protect sensitive information and
assets from cyber threats. By considering various sources and perspectives on risk management
in the field of cybersecurity, this research aims to enhance the comprehension of the distinct
challenges and potential benefits associated with cybersecurity risk management within DESD.

The findings of this research will provide valuable insights for DESD to enhance the
cybersecurity risk management strategies and protect against emerging threats. Additionally, it
will establish knowledge on cybersecurity risk management among employees and provide
recommendations for improving risk management practices within DESD.
3.2 Research Design

The research design of this focuses on evaluating the knowledge related to cybersecurity
threat among the employees in DESD and attempts to identify causes of cyber threat using the
quantitative and qualitative method or mix-method. For this study, the research design
harmonizes with the conceptual research problems. Moreover, the data collected from survey and
interview will answer the research question for this research. It may demonstrate the relevance of
the research issue that will be examined throughout the study design process. The activity in
research design will be elaborate the research methodology used on the scope of study. Based on
the objective, the method to analyze the data or the research design is shown in Table 3.1.

Research Research Instrument /

Deliverables
Objectives Questions Data Collection
To evaluate the What is the Literature Review Awareness
current knowledge about Quantitative Education and
cybersecurity cybersecurity Training
threat knowledge threat in DESD?
and awareness in
DESD
To analyse the How to analyse Literature Review Cause that
causes of cyber the causes of cyber Qualitative contributes to
threats that occur threat in DESD? cyber threat
in DESD.
To propose best How to improve Literature Review Risk Management
practices that can cybersecurity risk Qualitative Awareness
improve the management in Guideline
cybersecurity risk DESD?
management in
DESD

Table 3.1 Research Design

 Table 3.1 presents a comprehensive overview of the chosen approach for integrating the
various components of the study. This table serves as a guide for data collection, analysis, and
interpretation, outlining the study's design based on the problem it aims to address and providing
a framework for effectively addressing key research questions. An examination of the approach
described in Table 3.1 reveals that the research design is tailored to address the complexities of
the selected topic. The framework presented in the table provides a clear roadmap for collecting,
analysing, and interpreting data, ensuring the systematic and logical integration of the study's
components.

The chosen design not only serves as a guide for the research process but also establishes
a solid foundation for addressing the underlying issue. By aligning the study's design with the
problem, it seeks to solve, the research is well positioned to effectively tackle key research
questions and generate insightful findings.

Moving forward, it is crucial to delve deeper into the specifics of the research design
outlined in Table 3.1. This involves a comprehensive examination of the methodologies, data
collection techniques, and analytical frameworks that underlie the overall approach. Such a
thorough exploration will provide valuable insights into the strength and efficacy of the chosen
research design, ultimately enhancing the clarity and cohesiveness of the study.

3.2.1 Mixed Method

This study employed a mixed-methods approach, integrating both quantitative and

qualitative research methodologies. The utilization of mixed methods research brings several
advantages in terms of gaining a more comprehensive understanding of a particular
phenomenon, as compared to using either approach in isolation (Taguchi, 2018). Researchers
utilizing mixed methods designs require advanced abilities in both qualitative and quantitative
research methodologies. Nevertheless, it is noteworthy that mixed methods research entails a
higher expenditure of time and resources (Skillman et al., 2019).
 Each data collection method in mixed methods research has its own potential sources of
error. For instance, a qualitative approach, especially when utilizing questionnaires, can be
vulnerable to bias and errors that can impact the results. These include sampling errors, flawed
questionnaire design, leading or ambiguous wording, sampling bias, errors in data analysis and
interpretation, and the creation of an artificial sense of accuracy (Vomberg and Klarmann, 2021).

Likewise, interviews can be susceptible to errors during data collection. Since the data is
based on personal interactions, the results are influenced by negotiation and contextual factors
(Harris and Brown, 2019). The interviewer can introduce biases through leading questions, and
both interviewers and interviewees may engage in satisficing. Additionally, the collected data
only provides a partial and constructed understanding of the interviewees' perspectives.

Nevertheless, blending qualitative and quantitative approaches offers unique advantages

that neither approach can achieve on its own. One notable benefit is the ability to address
complex research questions in a more comprehensive and insightful manner by combining both
types of data. Another advantage is that if one approach exhibits weaknesses, the other can
compensate for any flaws that arise. Sometimes, one method may produce inconsistent or
contradictory results, which is often observed with quantitative data. In such cases, the
qualitative approach can help uncover underlying nuances and meanings within the quantitative
data (Jacobs and Tschötschel, 2019).

3.3 Quantitative Method

Quantitative research designs can be classified as either descriptive or experimental.

Descriptive research involves measuring subjects once to establish a relationship between
variables, while experimental research involves measuring subject’s multiple times to establish
causation. Quantitative research is a rigorous methodology that entails gathering statistical data
to formulate generalizations or descriptions of phenomena across diverse groups of individuals.
In this study, a quantitative research methodology will be employed to investigate the correlation
between employees of the DESD and their level of cybersecurity awareness.

To ensure the comprehensibility of the questionnaire, a pilot study was conducted before
it was presented to the sample frame of this study. The collected data was subsequently analyzed
using SPSS, a software program renowned for its extensive repertoire of graphs, techniques, and
charts tailored specifically for diverse forms of statistical analysis in quantitative research. The
data screening and cleaning techniques utilized in SPSS are of great value for conducting further
analysis.

The objective of this method is to evaluate the level of cybersecurity awareness among
DESD employees, who have varying ranks, education levels, and computer skills. These records
were used for statistical analysis, which included validity and reliability tests, variable feasibility
tests, correlation tests, multicollinearity tests, multiple regression, and heteroskedasticity tests
conducted using SPSS. Questionnaires were distributed to DESD employees' WhatsApp through
an online link. The questionnaire items used in this research are listed in Table 3.2.

Serial Questionnaire
1. I frequently update my password.
2. I have different passwords for multiple websites.
3. I usually modify the default password of the administrator account.
4. I utilize wireless encryption.
5. I ensure that the firmware of the wireless gadget is regularly updated.
6. I disclose my personal information on social media platforms.
7. I have trusted social network applications.
8. I verify links before clicking on them on social networks.
9. I share my information, documents, and photos online.
10. I setup a password for accessing a shared file.
11. I reviewed the security and privacy policies of service providers.
12. I acknowledge the potential security risk associated with sending passwords via
 email.
13. I am aware of the potential dangers associated with clicking on email links.
14. I am aware of the potential dangers posed by computer viruses.
15. I am aware of the potential dangers associated with email attachments.
16. I installed antivirus software for my computer.

Table 3.2 Questionnaire Items

This questionnaire can be utilized for the purpose of investigating employees' awareness,
capabilities, behavior, attitudes, and self-perception pertaining to cyber security. The respondents
were requested to choose their answers from a range of multiple-choice options, encompassing
"strongly agree," "agree," "neutral," "disagree," and "strongly disagree."

3.4 Qualitative Method

Qualitative methods refer to research techniques employed in order to develop a

comprehensive understanding of human behavior, experiences, perceptions, and motivations.
These methods concentrate on examining and interpreting intricate phenomena, as opposed to
measuring them quantitatively (Davidson et al., 2019). To supplement the data gathered from
questionnaires, in-depth interviews were selected as an additional means of data collection.
Unlike questionnaires, which are non-dynamic and inflexible in nature, interviews enable the
acquisition of more profound, detailed, holistic, and nuanced insights from cybersecurity
professionals.

For the purpose of this study, the interview method will be utilized to obtain feedback on
current cybersecurity risk management techniques and from a specific group of experts in the
field such as threat intelligence. The process will commence by identifying participants who
meet the requirements outlined by the study. The selected individuals will receive an invitation
letter via both email and WhatsApp. Upon agreeing to participate in the research, participants
will be provided with the interview protocol and a consent letter. The interviews will be
conducted using a semi-structured format, allowing for the posing of targeted questions. All
interviews will be recorded using a smartphone in order to capture the participants' perceptions,
sentiments, and thoughts. A smartphone audio recorder will be employed for this purpose.
Following the discussions, the audio recordings will be transcribed. Once the entire interview
transcript is completed, a member checking process will be undertaken to ensure that participants
accurately recall their responses to the questions.
3.5 Validity and Reliability

Validity refers to the probability that a study will yield accurate, meaningful, and credible
findings (Hayashi et al., 2019). In more straightforward terms, validity ensures that the variables
being measured are indeed being accurately measured. To ensure validity in both quantitative
and qualitative research designs, the same individual oversaw the development of the
questionnaire and in-depth interview guides. Both guides underwent a thorough examination to
ensure consistency in wording, definitions, and alignment with the research questions.

Considering the prevalence of quantitative design, the interview guide was tailored to
align with the final questionnaire design. To minimize any factors that could potentially impact
the qualitative results, the interviews were recorded and transcribed verbatim. Additionally, this
approach was adopted for all interviews in order to avoid leading questions and biases from
influencing the informants' responses. Following each interview, an "after-action review" session
was conducted to discuss key findings and offer feedback for improvement or maintenance in
specific areas prior to the subsequent interview.

Ensuring reliability is crucial in qualitative research to establish trust in the findings.

While traditional measures of reliability in quantitative research prioritize consistency and
replicability, qualitative research places emphasis on dependability and confirmability.
Dependability refers to the stability and consistency of data, demonstrating that findings are not
influenced by transient factors. Confirmability relates to the neutrality and objectivity of
researchers during data collection and analysis, thus minimizing bias.

3.6 Discussion and Expected Result

This study aims to identify the frameworks and practices that can enhance DESD
cybersecurity risk management through the analysis of surveys and interviews. It will propose an
approach to cybersecurity risk management. According to Parsola, J. (2022), a cybersecurity
management framework offers a methodical approach to managing cybersecurity risks and
implementing a comprehensive cybersecurity program in an organization. It aids organizations in
formulating strategies, policies, processes, and controls to safeguard their information systems
and data. Figure 3.1 illustrates the principal components typically present in a cybersecurity
management framework.

Figure 3.1 Cybersecurity Risk Management (Parsola, J., 2022)

 By implementing a cybersecurity management framework, DESD can establish a
methodical and proactive strategy for managing cybersecurity risks. This approach will
effectively safeguard crucial assets while guaranteeing the confidentiality, integrity, and
availability of information systems and data. The framework functions as a comprehensive guide
for implementing and continually enhancing cybersecurity practices, thereby establishing a solid
basis for fostering a resilient and secure organization.

Moreover, the aim of this research is to identify the main causes of cyber threats and
propose the best practices for DESD employees to counter these threats while upholding the
security of sensitive data. The recommended best practices that can be implemented within the
DESD, encompass:

(a) Establishing a robust governance framework with clearly defined roles and
responsibilities for cybersecurity.

(b) Administering regular cybersecurity awareness training or educational initiatives for

employees to enhance their comprehension of security threats.

(c) Highlighting the significance of promptly identifying and reporting potential security
incidents.

(d) Installing firewalls, detection and prevention systems for intrusions, and other network
security measures to protect against unwanted access and malicious activity.

(e) Perpetually backing up essential data and rigorously testing backup processes for
reliability and efficacy.

(f) Furnishing resources such as posters, newsletters, and training materials to fortify
security awareness.
3.7 Conclusion

In this research, an analysis of cybersecurity risk management has been conducted. The
findings demonstrate that organizations are required to thoroughly examine and address
cybersecurity risks in order to protect their networks, information systems, and sensitive data
from emerging cyber threats. This research highlights the significance of understanding the
cybersecurity threat landscape, implementing risk mitigation plans, and establishing
cybersecurity management frameworks. It is evident that an awareness of and adherence to the
security guidelines for DESD are indispensable for effective cybersecurity risk management.
DESD must remain vigilant and consistently update cybersecurity protocols to effectively
combat the ever-evolving threats and changes in the technological landscape.