Two Approaches to Information Security Doctoral Research

  • Helen Armstrong
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)


Researchers embarking upon doctoral research in information security face numerous challenges at the commencement of their studies. Students often face confusion as they consider where to start and how to progress. The objectives of the research need to be clearly defined before commencing the project. The research questions, methodology, data and analysis are inextricably tied to the objectives, and as such a top-down approach is recommended. This paper discusses two approaches to doctoral research, top-down and bottom-up. The paper is designed to guide students at the commencement of their information security doctoral research. These guidelines may also be of value to the supervisor.


information security education doctoral research 


  1. 1.
    Dlamini, M., Eloff, J., Eloff, M.: Information Security: The moving target. Computers & Security 28, 189–198 (2009)CrossRefGoogle Scholar
  2. 2.
    Armstrong, H., Yngström, L.: Resubmit my Information Security Thesis? You must be joking! In: Proceedings of WISE5, June 19-21. West Point Military Academy, New York (2007)Google Scholar
  3. 3.
    Siponen, M., Oinas-Kukkonen, H.: A Review of Information Security Issues and Respective Research Contributions. The Database for Advances in Information Systems 38(1), 60–80 (2007)CrossRefGoogle Scholar
  4. 4.
    Binning, D.: Top five cloud computing security issues. Computer Weekly (April 24, 2009),
  5. 5.
    Brodkin, J.: Gartner: Seven cloud-computing security risks. Network World (July 2, 2008),
  6. 6.
    Kandukuri, B.R., Paturi, R., Rakshit, A.: Cloud Security Issues. In: Proceedings of Working IEEE SCC 2009: International Conference on Services Computing (SCC 2009 WIP), Bangalore, India (2009)Google Scholar
  7. 7.
    Salek, N.: Revealed: CISO’s top security concerns. IT News (May 31, 2010),,revealed-cisos-top-security-concerns.aspx
  8. 8.
    Orlikowski, W., Baroudi, J.: Studying Information Technology in Organizations: Research Approaches and Assumptions. Information Systems Research 2(1), 1–8 (1991)CrossRefGoogle Scholar
  9. 9.
    March, S., Smith, G.: Design and natural science research on information technology. Decision Support Systems 15, 251–266 (1995)CrossRefGoogle Scholar
  10. 10.
    Da Veiga, A., Eloff, J.: A framework and assessment for information security culture. Computers & Security 29, 196–207 (2009)CrossRefGoogle Scholar
  11. 11.
    Mullins, G., Kiley, M.: It’s a PhD, not a Nobel Prize: how experienced examiners assess research theses. Studies in Higher Education 27(4), 369–386 (2002)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Helen Armstrong
    • 1
  1. 1.School of Information SystemsCurtin UniversityAustralia

Personalised recommendations