Case studies allow you to apply what you are learning to a real-world example, or ‘case’. The case could be either an actual or hypothetical situation, person, business or organisation.
Case studies usually ask you to:
Case studies vary between disciplines, so read the assignment instructions and marking rubric carefully to understand what is expected.
Some case study assignments will ask you to answer very specific questions related to the case. For other case studies, you will decide on the content by interpreting the case information and connecting it with what you have been learning.
Read the case information multiple times. You can use a range of reading strategies, including:
While reading, keep the task in mind and ask yourself relevant questions, such as:
Highlight any important information and make notes with your answers to these questions.
Use a mind map or table to help you make connections between the case and theory or concepts. Draw on what you remember from classes and prescribed readings, and then conduct further research to help you analyse the case.
Use a mind map or table to help you plan the structure and content of your writing.
This table shows how the student has analysed case evidence to identify problems in the case. The student has then researched relevant theory and made recommendations to solve the problems.
| Evidence | Problem (Analysis) | Theory or concepts | Recommendations |
|---|---|---|---|
| Windows XP front end for employees with password-only protection |
Relies on strong passwords Vulnerable to attack Potential to add fake data to database |
Attack vector: guessing password repeatedly (Kapersky 2019) Windows XP has account lockout after multiple incorrect guesses (Microsoft 2017), but this can be bypassed (CVE 2014). |
Two-factor authentication |
| Windows Server 2012 with password-only protection |
Vulnerable to attack as account lockout can be bypassed Potential for attackers to manipulate log files |
Server admin accounts have access to sensitive information (Solarwinds 2019) Database breach and potential for data manipulation leads to integrity breach = data no longer legitimate or trusted (Henderson 2017) Manipulation of logs means attacker can’t be held accountable = breach of non-repudiation (IBM 2019). |
Two-factor authentication |
Case studies are commonly written in a report or essay format. Regardless of the format, all case studies should include three elements:
This paragraph includes:
Darren’s potential for pain is also influenced by lifestyle factors including excessive drinking and long-term smoking. [Case evidence] Darren identifies as a social drinker and consumes two beers each day after work and up to ten beers per day on weekends. [Theory] Frequent consumption of alcohol at high levels can increase a postoperative patient’s need for pain-relieving opioid medications, due to stimulating neuropathic pain delivered through both peripheral nervous system and central nervous system (CNS) pathways (Miyoshi, 2007, p. 208). [Case evidence] In addition to his high alcohol consumption, Darren is a current smoker and has smoked 30 cigarettes per day for the past 20 years. [Theory] Chiang et al. (2016) found that patients who smoke metabolise analgesic medications faster than non-smokers, as nicotine stimulates the CNS and produces analgesia in low quantities, resulting in smokers having a lower pain tolerance or hyperalgesia. [Analysis] Therefore, Darren’s alcohol use and smoking status mean that he is likely to experience higher levels of pain and require higher amounts of analgesia following his operation.
Paragraph adapted and used with student permission
This paragraph includes:
A major ICT weakness in Green Coin Company is that [Case evidence] employees access the network through a Windows XP frontend with a password authentication system. Passwords can be an effective way to authenticate into the system, provided that the password is strong and that the user keeps it secret. [Theory] However, a common attack vector on passwords is a trial-and-error approach where the attacker tries passwords repeatedly until they guess correctly and gain access to the network (Kapersky 2019). On a system with good security controls, the account will be locked out for a specified period after several wrong guesses, and an admin will be alerted that the account has been locked out (Windows 2017). However, Windows XP has a vulnerability that can bypass the lockout system, giving an attacker the ability to guess the password as many times as needed without being detected by the system (CVE 2014). [Analysis] If the attacker compromises an account that has access to the database, they will be able to add fake sales records, shipping requests and bullion transactions, thus compromising the integrity of the overall database.
Paragraph adapted and used with student permission
For more complete example case studies with further annotations, see the Word and PDF documents below.