Expert Evaluation of a User Behavior Micro-Segmentation Framework for Work-From-Home Environments

Authors

Atuhe Aarone Mike

Department of Computer Science, Mbarara University of Science and Technology (Uganda)

Akampurira Paul

Department of Computing, Kampala International University (Uganda)

Dr. Richard Ntwari

Department of Computer Science, Mbarara University of Science and Technology (Uganda)

Dr, Wilison Tumuhimbise

Department of Computer Science, Mbarara University of Science and Technology (Uganda)

Article Information

DOI: 10.51584/IJRIAS.2026.110400010

Subject Category: Computer Science

Volume/Issue: 11/4 | Page No: 140-147

Publication Timeline

Submitted: 2026-04-04

Accepted: 2026-04-10

Published: 2026-04-25

Abstract

The rapid shift to WFH practices in higher education has increased cyber security risks influenced by user behavior, usability challenges, and contextual constraints. Although several cyber security frameworks have been proposed to address these risks, many lack empirical validation in real academic environments. This study evaluated a behavior-centered cyber security framework designed for university WFH contexts using expert review to assess its feasibility, relevance, and contextual suitability. A mixed-methods expert-based evaluation was conducted, combining structured quantitative ratings with qualitative feedback from cyber security and higher education ICT professionals. Quantitative data were analysed using descriptive statistics and non-parametric tests, while qualitative responses were examined using thematic analysis. The results showed that experts rated the framework as highly relevant and deployable for academic WFH environments, particularly in terms of risky behavior identification and contextual adaptability. Lower ratings were associated with implementation effort, reflecting practical organisational considerations rather than conceptual weaknesses. The study provides empirical evidence supporting the feasibility and applicability of behavior-centered cyber security frameworks in remote academic work environments and demonstrates the value of expert-based mixed-methods evaluation for validating socio-technical security frameworks prior to deployment.

Keywords

Cyber Security Framework; Expert Evaluation

Downloads

References

1. Braun, V., & Clarke, V. (2019). Reflecting on reflexive thematic analysis. Qualitative Research in Sport, Exercise and Health, 11(4), 589–597. https://doi.org/10.1080/2159676X.2019.1628806 [Google Scholar] [Crossref]

2. Braun, V., & Clarke, V. (2021). One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative Research in Psychology, 18(3), 328–352. https://doi.org/10.1080/14780887.2020.1769238 [Google Scholar] [Crossref]

3. Creswell, J. W., & Plano Clark, V. L. (2018). Designing and conducting mixed methods research (3rd ed.). SAGE Publications. [Google Scholar] [Crossref]

4. Di Nocera, F., Tempestini, G., & Orsini, M. (2023). Usable security: A systematic literature review. Information, 14(12), 641. https://doi.org/10.3390/info14120641 [Google Scholar] [Crossref]

5. European Union Agency for Cyber security . (2023). Cyber security culture guidelines: Behavioral aspects of cyber security . ENISA. https://www.enisa.europa.eu/publications/cyber security -culture-guidelines-behavioral-aspects-of-cyber security [Google Scholar] [Crossref]

6. Field, A. (2018). Discovering statistics using IBM SPSS statistics (5th ed.). SAGE Publications. [Google Scholar] [Crossref]

7. Grand-Guillaume-Perrenoud, J. A., Ortoleva Bucher, C., Baroffio, A., & Nendaz, M. (2023). Mixed methods instrument validation: Evaluation procedures for practitioners developed from the validation of the Swiss Instrument for Evaluating Interprofessional Collaboration. Frontiers in Psychology. https://pmc.ncbi.nlm.nih.gov/articles/PMC9875772/ [Google Scholar] [Crossref]

8. International Organization for Standardization & International Electrotechnical Commission. (2022). Information security, cyber security and privacy protection — Information security management systems — Requirements (ISO/IEC 27001:2022). ISO. https://www.iso.org/standard/27001 [Google Scholar] [Crossref]

9. Kotulic, A. G., & Clark, J. G. (2004). Why there aren’t more information security research studies. Information & Management, 41(5), 597–607. https://doi.org/10.1016/j.im.2003.08.001 [Google Scholar] [Crossref]

10. National Institute of Standards and Technology. (2018, April 16). Framework for improving critical infrastructure cyber security (Version 1.1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.CSWP.04162018 [Google Scholar] [Crossref]

11. Pallant, J. (2020). SPSS survival manual: A step by step guide to data analysis using IBM SPSS (7th ed.). McGraw-Hill Education. [Google Scholar] [Crossref]

12. Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the “weakest link” — A human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122–131. https://doi.org/10.1023/A:1011902718709 [Google Scholar] [Crossref]

Metrics

Views & Downloads

Similar Articles