Case studies

Case studies allow you to apply what you are learning to a real-world example, or ‘case’. The case could be either an actual or hypothetical situation, person, business or organisation.

Case studies usually ask you to:

describe the case
identify key issues of the case
analyse the case using relevant theory or concepts
make recommendations for the case.

General tips for case studies

Analyse the task carefully

Case studies vary between disciplines, so read the assignment instructions and marking rubric carefully to understand what is expected.

Some case study assignments will ask you to answer very specific questions related to the case. For other case studies, you will decide on the content by interpreting the case information and connecting it with what you have been learning.

Read the case information thoroughly

Read the case information multiple times. You can use a range of reading strategies, including:

skimming to get an idea of the case study scenario
scanning to find specific information relevant to the assignment
reading in detail to develop an in-depth understanding of the case.

While reading, keep the task in mind and ask yourself relevant questions, such as:

How does this case relate to what I have been learning in class?
What issues are evident in the case?
What are the causes of these issues?
What are some possible solutions to these issues?

Highlight any important information and make notes with your answers to these questions.

Connect the case, theory or concepts, and your analysis

Use a mind map or table to help you make connections between the case and theory or concepts. Draw on what you remember from classes and prescribed readings, and then conduct further research to help you analyse the case.

Use a mind map or table to help you plan the structure and content of your writing.

Example mindmap - Nursing

A mindmap is a creative exercise for brainstorming and finding connections between ideas. This mind map shows how alcohol use and smoking can affect the patient's pain. The mindmap includes evidence from the case, theory and the student's thought processes.

Example table for note-taking - Cybersecurity

This table shows how the student has analysed case evidence to identify problems in the case. The student has then researched relevant theory and made recommendations to solve the problems.

Evidence	Problem (Analysis)	Theory or concepts	Recommendations
Windows XP front end for employees with password-only protection	Relies on strong passwords Vulnerable to attack Potential to add fake data to database	Attack vector: guessing password repeatedly (Kapersky 2019) Windows XP has account lockout after multiple incorrect guesses (Microsoft 2017), but this can be bypassed (CVE 2014).	Two-factor authentication
Windows Server 2012 with password-only protection	Vulnerable to attack as account lockout can be bypassed Potential for attackers to manipulate log files	Server admin accounts have access to sensitive information (Solarwinds 2019) Database breach and potential for data manipulation leads to integrity breach = data no longer legitimate or trusted (Henderson 2017) Manipulation of logs means attacker can’t be held accountable = breach of non-repudiation (IBM 2019).	Two-factor authentication

Evidence

Problem (Analysis)

Theory or concepts

Recommendations

Windows XP front end for employees with password-only protection

Relies on strong passwords

Vulnerable to attack

Potential to add fake data to database

Attack vector: guessing password repeatedly (Kapersky 2019)

Windows XP has account lockout after multiple incorrect guesses (Microsoft 2017), but this can be bypassed (CVE 2014).

Two-factor authentication

Windows Server 2012 with password-only protection

Vulnerable to attack as account lockout can be bypassed

Potential for attackers to manipulate log files

Server admin accounts have access to sensitive information (Solarwinds 2019)

Database breach and potential for data manipulation leads to integrity breach = data no longer legitimate or trusted (Henderson 2017)

Manipulation of logs means attacker can’t be held accountable = breach of non-repudiation (IBM 2019).

Two-factor authentication

Writing a case study

Case studies are commonly written in a report or essay format. Regardless of the format, all case studies should include three elements:

facts from the case
theory or concepts from literature (e.g. books, journals)
your analysis.

Example paragraph - Nursing
[All bolded text in brackets identify parts of the paragraph and should not be included in your own writing]

This paragraph includes:

case evidence (about Darren's drinking and smoking)
theory (about the effect of alcohol and smoking and pain) and in-text citations (Chiang et al., 2016; Miyoshi, 2007)
analysis (the implications for Darren's nursing care after the operation)

Darren’s potential for pain is also influenced by lifestyle factors including excessive drinking and long-term smoking. [Case evidence] Darren identifies as a social drinker and consumes two beers each day after work and up to ten beers per day on weekends. [Theory] Frequent consumption of alcohol at high levels can increase a postoperative patient’s need for pain-relieving opioid medications, due to stimulating neuropathic pain delivered through both peripheral nervous system and central nervous system (CNS) pathways (Miyoshi, 2007, p. 208). [Case evidence] In addition to his high alcohol consumption, Darren is a current smoker and has smoked 30 cigarettes per day for the past 20 years. [Theory] Chiang et al. (2016) found that patients who smoke metabolise analgesic medications faster than non-smokers, as nicotine stimulates the CNS and produces analgesia in low quantities, resulting in smokers having a lower pain tolerance or hyperalgesia. [Analysis] Therefore, Darren’s alcohol use and smoking status mean that he is likely to experience higher levels of pain and require higher amounts of analgesia following his operation.

Paragraph adapted and used with student permission

Example paragraph - Cybersecurity
[All bolded text in brackets identify parts of the paragraph and should not be included in your own writing]

This paragraph includes:

case evidence (about access to Green Coin Company's network)
theory (about attacks on passwords and Windows XP) and in-text citations (CVE 2014; Kapersky 2007; Windows 2017)
analysis (the consequences of an attack on the company)

A major ICT weakness in Green Coin Company is that [Case evidence] employees access the network through a Windows XP frontend with a password authentication system. Passwords can be an effective way to authenticate into the system, provided that the password is strong and that the user keeps it secret. [Theory] However, a common attack vector on passwords is a trial-and-error approach where the attacker tries passwords repeatedly until they guess correctly and gain access to the network (Kapersky 2019). On a system with good security controls, the account will be locked out for a specified period after several wrong guesses, and an admin will be alerted that the account has been locked out (Windows 2017). However, Windows XP has a vulnerability that can bypass the lockout system, giving an attacker the ability to guess the password as many times as needed without being detected by the system (CVE 2014). [Analysis] If the attacker compromises an account that has access to the database, they will be able to add fake sales records, shipping requests and bullion transactions, thus compromising the integrity of the overall database.

Paragraph adapted and used with student permission

For more complete example case studies with further annotations, see the Word and PDF documents below.

Example case studies

Pathfinder link

Still have questions? Do you want to talk to an expert? Peer Learning Advisors or Academic Skills and Language Advisors are available.