Two Examples of a Set of Delimitations Example #1 Topic scope

advertisement
Two Examples of a Set of Delimitations
Example #1
Topic scope (content and audience). Parno et al. (2006) write that "the research
community and corporations need to make a concentrated effort to combat the increasingly
severe economic consequences of phishing" (p. 2). For now, phishing remains a problem that
must be solved through the user interface (Miller & Wu, 2005), and user interface designers and
developers are in a good position to provide solutions. In fact, Sasse and Flechais (2005) point
out that effective design principles must be employed by interface designers in order to increase
the usability of secure applications. They go on to say that developers are often left with the
responsibility of making decisions about security in new applications. This annotated
bibliography is limited in scope to informing the user interface design and development
communities about common traits of phishing attacks and noting principles described in selected
literature for user interface design based on evolving threats to home users.
Time frame. The literature collected for this annotated bibliography is published
between XXXX and XXXX. Even though the challenges associated with security and usability
have been recognized to a limited extent for the past 30 years (Garfinkel, 2005), examination of
references for this inquiry reveals that the focus on usability and security as a research area
began in earnest during 2002 (see Search Strategy Report in Research Parameters, section 4).
During 2005, Garfinkel describes HCI-Sec "as the newly emergent field of usability and
security" (p. 37). Although the first phishing attacks are traced back to 1996, phishing is not
considered a large-scale IT threat until 2004 (Abad, 2004).
Focus (what will be examined). Literature for this annotated bibliography is selected
that directly addresses the area of HCI-Sec and its application to the recent tide of phishing
attacks. According to Jakobsson (2005), developers of anti-phishing applications must
understand current and future threats posed by phishing in order to deploy successful solutions.
In order to do this, factors are considered in three areas. The first goal of this annotated
bibliography is to provide user interface designers and developers with references that address
how phishers attack home users through the computer user interface. The second goal of this
annotated bibliography is to provide user interface designers and developers with references that
address design principles to enable them to create user interface solutions that better help home
users defend themselves against attacks. The third goal of this annotated bibliography is to
provide references that address the area of user education as a complementary element to antiphishing applications. This component provides user interface designers and developers with
information about general learning and human-computer interaction principles necessary to build
in visibility and transparency to augment anti-phishing applications with user education that
enhances usability and informational security.
Focus (what won't be examined). Other areas of literature that are not explored but
could be logical extensions of this annotated bibliography:
o
Underlying technologies that should be used to shape the design of secure and
usable anti-phishing applications
o
Design research methodology for the development of anti-phishing solutions
o
Other tactics for fighting phishing beyond the user interface, such as removal of
phishing Web sites (Moore & Clayton, 2007) or visible watermarking (Topkara,
Kamra, Atallah, & Nita-Rotaru, 2005)
o
Managing phishing from the corporate perspective, such as deployment of customer
service strategies to encourage use of online transactions by customers who have
been victims of phishing and identity theft in the past.
Types of sources. Literature is selected from books, journals, and academic, professional
and association Web sites. Academic literature provides theoretical and practical guidance based
on user research and case studies. Professional and association literature provides industry
examples and perspectives about usable security and phishing. Reference lists from the literature
found in these sources include additional material not located using traditional search methods.
In addition, searches on names of several researchers cited repeatedly in various articles provide
additional literature and reports for the annotated bibliography.
Reference selection criteria. All the literature for this annotated bibliography is
reviewed for quality of methods, results, and conclusions based on minimum criteria defined by
Leedy and Ormrod (2005): (a) author affiliation, meaning that the author is affiliated with an
accredited university or widely considered an industry expert; (b) peer review, meaning that the
literature is reviewed by experts in the field before publication; (c) identification of a clear and
focused research problem; (d) inclusion of the collection of data, or synthesis of other research in
the field; (e) a set of procedures that can be replicated; and (f) the analysis of data and
conclusions by the author that appear logical and valid. Literature that did not meet the defined
criteria is not included in the annotated bibliography. White papers and articles from popular
magazines are not considered. In addition, the annotated bibliography only includes literature
that is available or reproducible in hard copy.
Example #2
Time frame. When collecting materials, Leedy and Ormrod (2005) recommend selecting
resources with recent copyright or publication dates to provide the most "current perspective" on
a particular topic (p. 65). As such, the majority of resources chosen for this annotated
bibliography have publication dates between XXXX and XXXX. In some cases, articles with
publication dates prior to XXXX are referenced as they represent the original theories or research
upon which the more recent literature is based.
Selection criteria. Selected literature is retrieved via Google Scholar, EBSCOHost,
ERIC, and LexusNexis Academic Databases, from prior University of Oregon Applied
Information Management courses, as well as through professional publications and journals. As
prescribed by the research evaluation questions outlined by Leedy & Ormrod (2005), preference
is given to literature with stated objectives, which provide an in-depth analysis related to the
problem area or sub-topics within this literature review. Additionally selected literature is
examined to ensure that it is built upon published ideas and hypotheses within the context of
strategy, CRM and/or customer loyalty.
Audience. This annotated bibliography is targeted at managers who work in
organizations charged with implementing customer relationship management information system
solutions. It is focused on the necessary strategic foundational factors that must be in place to
support a successful system implementation.
Topic definition. While CRM tends to be closely associated with technology (Payne,
2006), much of the literature selected for use within this study meets a criterion framed by
Rigby, Reichheld & Schefter (2002) who say that technology should server as a facilitator to the
customer relationship management process, not the total solution.
More topic definition. Limiting the definition of 'customer' to internal operations
personnel is an incomplete assessment; one should also consider the needs of external customers,
and business process, structure and technology should respond to their unique needs, rather than
only those of personnel serving in internal functional areas (Jayachandran, Sharma, Kaufman &
Raman, 2005).
Focus - What will and won't be included. In the broader information management
community, literature selected for use in this bibliography augments research relative to CRM
best practices. While this study does not focus on the actual implementation aspects of a CRM
technological solution, it does focus on the necessary organizational alignment foundation that is
required to move from a product-centric to a customer-centric strategy.
Inquiry context. Problem, sub-topic, and audience selection are framed based upon real
challenges presented by this author's professional organization's sales force automation
undertakings. Selected literature examines how a customer-centric strategy can be defined and
implemented within a particular organization to pave the way for successful CRM initiatives and
increased levels of customer loyalty.
Download