Degree Granting Department

Business Administration

Major Professor

Alan R. Hevner, Ph.D.

Co-Major Professor

Allen R. DeSerranno, DBA

Committee Member

Donald Berndt, Ph.D.

Committee Member

Matthew Mullarkey, Ph.D.


compliance, conceptual model, Design Science Research, Elaborated Action Design Research, Fitness-Utility Model, NIST CSF


Research into cybersecurity risks and various methods of evaluating those threats has become an increasingly important area of academic and practitioner investigation. Of particular interest in this field is enhancing the designs and informing capabilities of cybersecurity risk management solutions for users who desire to understand how organizations are impacted when such risks are exploited. Many cybersecurity risk management solutions are extremely technical and require their users to have a commensurate level of technical acumen. In the situation evaluated during this research project, the founders of the company being researched had created a highly technical risk management solution composed of sophisticated networking and cryptography components. The company’s management team, on the other hand, had very little cybersecurity industry background but needed to effectively communicate the specialized capabilities of the solution to potential customers and business partners in an understandable way. In this case, the company’s solution design needed to be improved to better convey its technical foundation both inside and outside the company. Design Science Research (DSR) offers a methodology that was created to help analyze, create, and evaluate design artifacts that can identify useful ways to work through technical challenges such as those faced by the company. The Elaborated Action Design Research (eADR) methodology can be used to further improve design artifacts through an iterative process that is easily understood by practitioners and academics and grounded in theory. When DSR and eADR methodologies are used together, the result is the creation and demonstration of informing artifacts that will address technical cybersecurity risk evaluation and communication issues.
This research project contains a case study, an accompanying technical note, and two research papers that will address research questions informed by the DSR methodology process in response to related communication and compliance issues noted in the cybersecurity risk management problem space.