Expert Evaluation of a User Behavior Micro-Segmentation Framework for Work-From-Home Environments
Authors
Department of Computer Science, Mbarara University of Science and Technology (Uganda)
Department of Computing, Kampala International University (Uganda)
Department of Computer Science, Mbarara University of Science and Technology (Uganda)
Department of Computer Science, Mbarara University of Science and Technology (Uganda)
Article Information
DOI: 10.51584/IJRIAS.2026.110400010
Subject Category: Computer Science
Volume/Issue: 11/4 | Page No: 140-147
Publication Timeline
Submitted: 2026-04-04
Accepted: 2026-04-10
Published: 2026-04-25
Abstract
The rapid shift to WFH practices in higher education has increased cyber security risks influenced by user behavior, usability challenges, and contextual constraints. Although several cyber security frameworks have been proposed to address these risks, many lack empirical validation in real academic environments. This study evaluated a behavior-centered cyber security framework designed for university WFH contexts using expert review to assess its feasibility, relevance, and contextual suitability. A mixed-methods expert-based evaluation was conducted, combining structured quantitative ratings with qualitative feedback from cyber security and higher education ICT professionals. Quantitative data were analysed using descriptive statistics and non-parametric tests, while qualitative responses were examined using thematic analysis. The results showed that experts rated the framework as highly relevant and deployable for academic WFH environments, particularly in terms of risky behavior identification and contextual adaptability. Lower ratings were associated with implementation effort, reflecting practical organisational considerations rather than conceptual weaknesses. The study provides empirical evidence supporting the feasibility and applicability of behavior-centered cyber security frameworks in remote academic work environments and demonstrates the value of expert-based mixed-methods evaluation for validating socio-technical security frameworks prior to deployment.
Keywords
Cyber Security Framework; Expert Evaluation
Downloads
References
1. Braun, V., & Clarke, V. (2019). Reflecting on reflexive thematic analysis. Qualitative Research in Sport, Exercise and Health, 11(4), 589–597. https://doi.org/10.1080/2159676X.2019.1628806 [Google Scholar] [Crossref]
2. Braun, V., & Clarke, V. (2021). One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative Research in Psychology, 18(3), 328–352. https://doi.org/10.1080/14780887.2020.1769238 [Google Scholar] [Crossref]
3. Creswell, J. W., & Plano Clark, V. L. (2018). Designing and conducting mixed methods research (3rd ed.). SAGE Publications. [Google Scholar] [Crossref]
4. Di Nocera, F., Tempestini, G., & Orsini, M. (2023). Usable security: A systematic literature review. Information, 14(12), 641. https://doi.org/10.3390/info14120641 [Google Scholar] [Crossref]
5. European Union Agency for Cyber security . (2023). Cyber security culture guidelines: Behavioral aspects of cyber security . ENISA. https://www.enisa.europa.eu/publications/cyber security -culture-guidelines-behavioral-aspects-of-cyber security [Google Scholar] [Crossref]
6. Field, A. (2018). Discovering statistics using IBM SPSS statistics (5th ed.). SAGE Publications. [Google Scholar] [Crossref]
7. Grand-Guillaume-Perrenoud, J. A., Ortoleva Bucher, C., Baroffio, A., & Nendaz, M. (2023). Mixed methods instrument validation: Evaluation procedures for practitioners developed from the validation of the Swiss Instrument for Evaluating Interprofessional Collaboration. Frontiers in Psychology. https://pmc.ncbi.nlm.nih.gov/articles/PMC9875772/ [Google Scholar] [Crossref]
8. International Organization for Standardization & International Electrotechnical Commission. (2022). Information security, cyber security and privacy protection — Information security management systems — Requirements (ISO/IEC 27001:2022). ISO. https://www.iso.org/standard/27001 [Google Scholar] [Crossref]
9. Kotulic, A. G., & Clark, J. G. (2004). Why there aren’t more information security research studies. Information & Management, 41(5), 597–607. https://doi.org/10.1016/j.im.2003.08.001 [Google Scholar] [Crossref]
10. National Institute of Standards and Technology. (2018, April 16). Framework for improving critical infrastructure cyber security (Version 1.1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.CSWP.04162018 [Google Scholar] [Crossref]
11. Pallant, J. (2020). SPSS survival manual: A step by step guide to data analysis using IBM SPSS (7th ed.). McGraw-Hill Education. [Google Scholar] [Crossref]
12. Sasse, M. A., Brostoff, S., & Weirich, D. (2001). Transforming the “weakest link” — A human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3), 122–131. https://doi.org/10.1023/A:1011902718709 [Google Scholar] [Crossref]
Metrics
Views & Downloads
Similar Articles
- What the Desert Fathers Teach Data Scientists: Ancient Ascetic Principles for Ethical Machine-Learning Practice
- Comparative Analysis of Some Machine Learning Algorithms for the Classification of Ransomware
- Comparative Performance Analysis of Some Priority Queue Variants in Dijkstra’s Algorithm
- Transfer Learning in Detecting E-Assessment Malpractice from a Proctored Video Recordings.
- Dual-Modal Detection of Parkinson’s Disease: A Clinical Framework and Deep Learning Approach Using NeuroParkNet