EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
research-methodologyresearch-designcase-study

Research Design: Concept and Types

A design chosen after the data are already in hand is not a design -- it is a story built to fit whatever numbers turned up. Eight common designs, and why correlational findings get misread as causal ones constantly.

Ashish Revar6 July 202610 min read2 views

Sign in to mark this article as read and track your progress.

More articlesTest your knowledge

What a Research Design Actually Fixes

A research design is the plan that connects a research question to the evidence that will answer it, and it has to be settled before data collection begins. The design fixes what the data will later be able to prove — and just as importantly, what it will not be able to prove. A design chosen after the data are already in hand isn't a design. It's a story built to fit whatever numbers turned up.

Eight Common Research Designs

Descriptive. Documents a phenomenon as it stands, without manipulating anything. Profiling the typical sequence of API calls a ransomware family makes during execution is descriptive work.

Exploratory. Used when the problem itself isn't yet well understood. Loosely structured and often qualitative, aimed at generating hypotheses rather than testing them. Open interviews with SOC analysts, run before any survey instrument exists, are exploratory.

Explanatory (causal). Aims to show that one variable causes a change in another, usually through a controlled experiment. Does adding adversarial examples to a model's training data cause a measurable drop in how easily it can be fooled, with the architecture and dataset size held fixed?

Correlational. Measures the strength of an association between variables without manipulating either one. Is there an association between how quickly an organisation applies security patches and how severe its reported incidents are? A correlational design can't say which variable is driving which, or rule out some third factor driving both.

Cross-sectional. Data collected at one point in time across a sample. A one-time survey of password-reuse habits among 500 employees is cross-sectional.

Longitudinal. The same subjects or systems observed repeatedly over time. Tracking one organisation's phishing-click rate every quarter for three years, after introducing an awareness programme, is longitudinal.

Case study. An in-depth examination of one instance, chosen because it's unusually rich, typical, or informative — not because it's representative in the statistical sense. A detailed forensic reconstruction of how a single organisation was compromised in a specific breach is a case study. It can't claim to generalise the way a large random sample can, but it can uncover a mechanism no survey would have surfaced.

Quasi-experimental. Close to a true experiment in that some intervention is deliberately introduced, but without random assignment to the intervention and control groups. Comparing incident rates at organisations that adopted a new email filter against those that didn't, when the researcher couldn't force organisations into either group at random, is quasi-experimental.

Where These Sit on a Spectrum

Descriptive, correlational, and case study designs sit at the observational end of a spectrum — no manipulation at all. Quasi-experimental designs sit in the middle: some intervention is introduced, but without random assignment. True experimental designs, with both intervention and random assignment, sit at the far end, offering the most control over confounding variables. Most cybersecurity field research, where organisations can't be randomly assigned to a treatment, lands in that quasi-experimental middle.

Correlational designs are the ones students most often misreport. Finding that organisations using multi-factor authentication also report fewer account-takeover incidents establishes an association. It does not show that MFA caused the drop, unless the study controlled for confounders such as security budget and staff training, or used an experimental design instead. This is the same correlation-versus-causation distinction from Unit 1's discussion of experimental and observational research, and it doesn't weaken with repetition.

Matching a Question to a Design

Shape of the questionDesign usually called for
"What exists, or how common is X?"Descriptive, cross-sectional
"Why does X happen?" (not yet understood)Exploratory, often qualitative
"Does X cause Y?"Explanatory / experimental
"Are X and Y related?"Correlational
"How does X change over time?"Longitudinal
"What exactly happened in this one instance?"Case study
"Did this intervention work, when I couldn't randomise who got it?"Quasi-experimental

Look back at how WannaCry and Mirai were used in Unit 1. Each was treated as a single, richly detailed instance rather than one row in a large dataset of malware incidents — which is exactly what makes them case studies in the formal sense above. A case study earns its place in a literature review or a thesis not by being typical, but by being documented well enough, and analysed carefully enough, that its lessons generalise even though the sample size is one.

Check Your Understanding

A researcher wants to know whether a security-awareness programme reduces phishing-click rates. Name the design most suited to a causal claim here, and say what a purely correlational design would fail to rule out.