Two Examples of a Set of Delimitations Example #1 Topic scope (content and audience). Parno et al. (2006) write that "the research community and corporations need to make a concentrated effort to combat the increasingly severe economic consequences of phishing" (p. 2). For now, phishing remains a problem that must be solved through the user interface (Miller & Wu, 2005), and user interface designers and developers are in a good position to provide solutions. In fact, Sasse and Flechais (2005) point out that effective design principles must be employed by interface designers in order to increase the usability of secure applications. They go on to say that developers are often left with the responsibility of making decisions about security in new applications. This annotated bibliography is limited in scope to informing the user interface design and development communities about common traits of phishing attacks and noting principles described in selected literature for user interface design based on evolving threats to home users. Time frame. The literature collected for this annotated bibliography is published between XXXX and XXXX. Even though the challenges associated with security and usability have been recognized to a limited extent for the past 30 years (Garfinkel, 2005), examination of references for this inquiry reveals that the focus on usability and security as a research area began in earnest during 2002 (see Search Strategy Report in Research Parameters, section 4). During 2005, Garfinkel describes HCI-Sec "as the newly emergent field of usability and security" (p. 37). Although the first phishing attacks are traced back to 1996, phishing is not considered a large-scale IT threat until 2004 (Abad, 2004). Focus (what will be examined). Literature for this annotated bibliography is selected that directly addresses the area of HCI-Sec and its application to the recent tide of phishing attacks. According to Jakobsson (2005), developers of anti-phishing applications must understand current and future threats posed by phishing in order to deploy successful solutions. In order to do this, factors are considered in three areas. The first goal of this annotated bibliography is to provide user interface designers and developers with references that address how phishers attack home users through the computer user interface. The second goal of this annotated bibliography is to provide user interface designers and developers with references that address design principles to enable them to create user interface solutions that better help home users defend themselves against attacks. The third goal of this annotated bibliography is to provide references that address the area of user education as a complementary element to antiphishing applications. This component provides user interface designers and developers with information about general learning and human-computer interaction principles necessary to build in visibility and transparency to augment anti-phishing applications with user education that enhances usability and informational security. Focus (what won't be examined). Other areas of literature that are not explored but could be logical extensions of this annotated bibliography: o Underlying technologies that should be used to shape the design of secure and usable anti-phishing applications o Design research methodology for the development of anti-phishing solutions o Other tactics for fighting phishing beyond the user interface, such as removal of phishing Web sites (Moore & Clayton, 2007) or visible watermarking (Topkara, Kamra, Atallah, & Nita-Rotaru, 2005) o Managing phishing from the corporate perspective, such as deployment of customer service strategies to encourage use of online transactions by customers who have been victims of phishing and identity theft in the past. Types of sources. Literature is selected from books, journals, and academic, professional and association Web sites. Academic literature provides theoretical and practical guidance based on user research and case studies. Professional and association literature provides industry examples and perspectives about usable security and phishing. Reference lists from the literature found in these sources include additional material not located using traditional search methods. In addition, searches on names of several researchers cited repeatedly in various articles provide additional literature and reports for the annotated bibliography. Reference selection criteria. All the literature for this annotated bibliography is reviewed for quality of methods, results, and conclusions based on minimum criteria defined by Leedy and Ormrod (2005): (a) author affiliation, meaning that the author is affiliated with an accredited university or widely considered an industry expert; (b) peer review, meaning that the literature is reviewed by experts in the field before publication; (c) identification of a clear and focused research problem; (d) inclusion of the collection of data, or synthesis of other research in the field; (e) a set of procedures that can be replicated; and (f) the analysis of data and conclusions by the author that appear logical and valid. Literature that did not meet the defined criteria is not included in the annotated bibliography. White papers and articles from popular magazines are not considered. In addition, the annotated bibliography only includes literature that is available or reproducible in hard copy. Example #2 Time frame. When collecting materials, Leedy and Ormrod (2005) recommend selecting resources with recent copyright or publication dates to provide the most "current perspective" on a particular topic (p. 65). As such, the majority of resources chosen for this annotated bibliography have publication dates between XXXX and XXXX. In some cases, articles with publication dates prior to XXXX are referenced as they represent the original theories or research upon which the more recent literature is based. Selection criteria. Selected literature is retrieved via Google Scholar, EBSCOHost, ERIC, and LexusNexis Academic Databases, from prior University of Oregon Applied Information Management courses, as well as through professional publications and journals. As prescribed by the research evaluation questions outlined by Leedy & Ormrod (2005), preference is given to literature with stated objectives, which provide an in-depth analysis related to the problem area or sub-topics within this literature review. Additionally selected literature is examined to ensure that it is built upon published ideas and hypotheses within the context of strategy, CRM and/or customer loyalty. Audience. This annotated bibliography is targeted at managers who work in organizations charged with implementing customer relationship management information system solutions. It is focused on the necessary strategic foundational factors that must be in place to support a successful system implementation. Topic definition. While CRM tends to be closely associated with technology (Payne, 2006), much of the literature selected for use within this study meets a criterion framed by Rigby, Reichheld & Schefter (2002) who say that technology should server as a facilitator to the customer relationship management process, not the total solution. More topic definition. Limiting the definition of 'customer' to internal operations personnel is an incomplete assessment; one should also consider the needs of external customers, and business process, structure and technology should respond to their unique needs, rather than only those of personnel serving in internal functional areas (Jayachandran, Sharma, Kaufman & Raman, 2005). Focus - What will and won't be included. In the broader information management community, literature selected for use in this bibliography augments research relative to CRM best practices. While this study does not focus on the actual implementation aspects of a CRM technological solution, it does focus on the necessary organizational alignment foundation that is required to move from a product-centric to a customer-centric strategy. Inquiry context. Problem, sub-topic, and audience selection are framed based upon real challenges presented by this author's professional organization's sales force automation undertakings. Selected literature examines how a customer-centric strategy can be defined and implemented within a particular organization to pave the way for successful CRM initiatives and increased levels of customer loyalty.