The research methodology adopted for this research was evaluated, based on seven design science research guidelines proposed by Hevner et al. (2004). Each guideline and its application in this research is discussed next.
4.4.1 Guideline 1: Design an artefact
The major output of IS design science research is an innovative artefact that can be used by practitioners and the industry to develop an information system, based on the proposed artefact. A novel privacy-preserving, insider threat and prediction model which is an artefact that can be used for organizations and individuals to develop an insider threat prediction and prevention system as well as security procedures and policies are proposed.
4.4.2 Guideline 2: Problem relevance
The artefact proposed in this research addresses a serious insider threat problem, which is challenging to tackle, as insiders have access credentials and they know in detail the internal working of the organization. Another challenge with the problem is that insiders are people, and it is complicated to understand and predict their behaviour. The reason is that each person has his or her own behavioural patterns and traits and these factors make it challenging to address. This artefact solves the problem of privacy abuse by monitoring
the activities of insiders, such as their electronic communication, for detection and mitigation. The model attempts to preserve the privacy of insiders. The complexity of the problem requires the use of different theories from the disciplines of criminology and computer science.
4.4.3 Guideline 3: Design Evaluation
One of the evaluations proposed by Österle et al. (2011) is involving experts in the domain area of the problem to evaluate the artefact. For this research, a panel of 26 IS security experts (n=26) was gathered from the industry and academia to evaluate the model as well as the prototype. They evaluated the model based on Österle et al.’s (2011) principles, namely abstraction, originality, justification and benefit. The evaluation was done in two iterations with the revision of both the model and the prototypes as per the suggestions by the panel of experts until they were satisfied with the feasibility of the model. The details of the contribution are discussed in chapter eight.
4.4.4 Guideline 4: Research contribution
According to Henver et al. (2004), there may be two research contributions at the end of DSR research. The first contribution is the artefact produced and the second contribution is that an improvement should be made to the existing DSR paradigm or methodology. For this research, the contribution is the produced artefact, namely a Privacy-Preserving,
Context-Aware, Insider Threat Prevention and Prediction model(PPCAITPP). The details of the contribution are discussed in chapter eight.
4.4.5 Guideline 5: Research rigor
This research was conducted, based on rigorous methods to construct and evaluate the artefact. The construction of the artefact was based on the study of extant literature in this field of IS security. The evaluation was conducted by expert opinions proposed in the
literature while the principles of evaluation used in this study were based on acceptable standards in design science research.
4.4.6 Guideline 6: Design as a search process
The model was produced after an extensive review of literature related to insider threats, the Fraud Diamond, situational crime prevention, context-aware systems and privacy- preserving techniques. These components are discussed in detail in the literature review. The model was further improved by experts’ opinions in the IS security field with two iterations to refine the model. The model was implemented by creating a prototype to demonstrate the applicability of the artefact and to guide experts in reviewing the model.
4.4.7 Guideline 7: Communication of research
The model was presented to the academics and practitioners in the information security discipline at an international conference. The research was also published for the conference proceedings. The main platform for communicating the results of this research is the thesis itself, as the research is conducted for the fulfillment of the requirements for a Ph.D. degree.
Table 4.1 DSR summary based on Hevner et al. (2004) with reference to the chapters in this thesis
Guideline Description Mapping
Guideline 1:
Design as an artefact
The research needs to develop a novel artefact such as a construct, model, method or an instantiation.
Privacy-preserving,
context-aware insider threat prediction and prevention model (PPCAITPPM) (Chapter five)
Guideline 2: Problem relevance
The artefact produced must address significant and relevant real-world problems.
Addresses the insider threat problem
(Chapter two and chapter five)
Guideline 3: Design evaluation
The artefact developed must be demonstrated and evaluated in terms of research utility, quality, and efficacy.
Prototype, simulation, and expert review
(Chapter six and chapter seven)
Guideline 4:
Research contributions
The research needs to contribute to the body of scientific knowledge and/or to the design science methodology.
The research combines
approaches from
criminology and computer science and helps to predict and prevent insider threats while balancing the privacy of insiders (Chapter eight) Guideline 5:
Research rigor
The research must be based on the application of rigorous methods in both
A research methodology, based on extant literature, was used. (Chapter three
the construction of the artefact as well as the evaluation of the artefact.
and chapter four )
Guideline 6:
Design as a search process
The search process to produce an artefact needs to be based on the scientific research process and applied to the context of the specific research problem.
Extant literature was examined in the areas of insider threats, the Fraud Diamond, situational crime prevention, context-aware systems and privacy- preserving techniques based on the principles of design science research. (Chapter two and chapter three)
Guideline 7:
Communication of research
The research must be presented effectively, both to technology-oriented and management-oriented audiences.
Thesis write-up and publication (All chapters and Section 4.3.6)