2019-03 Measuring and analyzing compliance in cybersecurity

Topic. Today, in our online and globalizing world, cyber security is more important than ever. Despite this general awareness, cyber-incidents are prevalent and seem to be increasing in numbers and in seriousness (APWG, 2018).

To secure themselves, organizations have policies and rules to keep themselves safe. These rules are not always followed up by staff. A question that we want to study is: why are employees compliant or non-compliant? And how does one measure compliance in the first place? Measuring the extent to which employees are compliant is a difficult task. Adults, generally, will not admit breaking rules easily. In this study we therefore want to develop new methods to measure compliance. For instance, we are thinking of using randomized response techniques (Fox, Veen, & Klotzke, 2018).

Furthermore, there are several theories to explain why people are compliant. For instance, personality may play a role. But also mere opportunities may be essential. While we are measuring compliance it is also interesting to learn more about it’s risk factors.

Required expertise. We are looking for a master student with an interest in methodology (measurement issues) and cyber security.

Contact UT. Are you interested in writing your thesis on this topic? Please mail us.

  • Prof. Dr. Marianne Junger - IEBIS, BMS, Email : M.Junger@Utwente.nl
  • Prof R. de Vries, Department of Educational Science, Email: r.e.devries@utwente.nl
  • Jean-Paul Fox, Department of Research Methodology, Measurement and Data Analysis, Email: g.j.a.fox@utwente.nl


APWG. (2018). Phishing Activity Trends Report, 3rd Quarter 2018. In: Anti-Phishing Working Group (APWG). http://docs.apwg.org/reports/apwg_trends_report_q3_2018.pdf.

Fox, J.-P., Veen, D., & Klotzke, K. (2018). Generalized Linear Mixed Models for Randomized Responses. Methodology