6 hours ago, wildturkey said:

Once again I am not selecting anyone, therefore there is no self-selection Bias, if the results are distorted it does not matter as I am merely seeking to report the results, and if distorted they will be reported as such.

That is exactly self-selection bias.  The participants of the survey select themselves to participate.  You only get results from those who self-select to participate.  They have a name in research circles, "SLOP", from "Self-Selected Opinion Polls", mockingly termed this because SLOP results are near-worthless academically. 

Let's look at a few.

Survey participants are already biased toward people who use this site, a social discussion board, and who frequent the Lounge on this board.  It would have been somewhat different if you posted in other forums, like the networking forum.  By being on the board it means participants are more social than a random, representative sample, and more likely to actively discuss topics discussed particularly on this board with other people online than a representative sample. Opinions on the board may differ considerably from a representative sample, such as if we collectively believe this is the work for other systems, or that particular vulnerabilities are an issue even if they don't match actual industry data.  As you don't know how the self-selected respondents compare to the representative samples, you will have no idea how far shifted those are.  

Survey participants are biased toward those who want to answer surveys and are willing to jump through the hoops to do so; industry professionals generally don't care to be bothered to do that, so you're going to get people with more time on their hands than a random sample; those people are less likely to be the ones you want. Again, you won't be able to know how shifted those are. Are you seeing more industry professionals, or less industry professionals, or even raw beginners? Are they misrepresenting themselves, perhaps calling themselves expert after a few months of experience, or calling themselves intermediate when they are far above the norm? Dunning-Kruger applies here, both for those who are below and those who are above the norm.

The difficulty is that because you have no proper representative sample to compare against, you cannot compute how biased your results are, nor can you determine the accuracy (more properly, the inaccuracy) of the results.  This is why self-selected surveys are generally wildly inaccurate.

For the results to be meaningful, the pollster must identify the potential respondents for the survey, must select them from representative pools, and must account for non-responses in the results.  The survey itself must also be designed in non-biasing ways, including carefully crafted questions that do not presume a specific result, and ordering the questions to avoid leading, or "pushing" respondents toward expected answers.  The responses allowed must also account for this, forcing respondents into particular buckets introduces further bias.

Surveys for objective data and concrete results is hard enough, but subjective opinion polls are extremely difficult to craft with any research credibility.

But if your research adviser is willing to let you do 'research' with using SLOP data, go right ahead.  Just don't expect any reputable journals to publish it, the better ones identify the methodology and reject the papers.

On 11/13/2017 at 7:34 PM, Scouting Ninja said:

You seem to misunderstand. The Second life server isn't sitting in the Nike CEO's office, plugged in to the Nike mainframe. There is no connection between the game computers and the computers of the organizations invested in the game.

I am well aware that the severs of the game and the servers of the company are not it the same location. But what you have to understand is that via a standard account form almost any MMORPG someone can hack into someones system (for example) by disguising themselves as trusted name/account and sending the person an external link/script to click on via chat, that is pretty much all it takes for someone who knows what they are doing to get into the other persons system. The connection between the two computers is the game client itself, as both parties are on the same sever. I have researched on this issue extensively but here is a good starter article to read on this that just scratches the surface.Playing it Safe: Avoiding Online Gaming Risks.   Here is another one  Security issues in online games

On 11/13/2017 at 7:34 PM, Scouting Ninja said:

And a know game would be monitoring all there data constantly.

It does not matter to a person that is trying to accomplish their goal of doing whatever harm they intend to do to an organizations systems, before anything can really be done to that person they can do their damage to that organization and its systems.

On 11/13/2017 at 7:34 PM, Scouting Ninja said:

This is good to know you should have started with this. So how would they contact you if they have info to share?

I do apologize for that, I assumed that the people who were interested would send me a message via this site. When anyone who is interested wants/participate, they can send me a message via this site.Then we can exchange email addresses for further communication.

5 hours ago, wildturkey said:

can hack into someones system

Yes well aware of this that was why I pointed out the flaw with your main question.

On 11/13/2017 at 2:19 AM, Scouting Ninja said:

On 11/2/2017 at 10:53 PM, wildturkey said:

measures might be taken to eliminate or reduce organizational risks

This is broad to a fault. Do you mean loss to profit? Loss related to theft? Risk related to fire? Risk of things not arranged properly?

Any type of risk is a organizational risk.

The papers you linked are risk to players and the developers. organizations are free from this risk. All harm they get from this is harm to there reputation.

You see even if I hacked into second life. By some magic got the profile from a Nike CEO, send him a email as his friend asking him to install a virus. All that I would achieve is in annoying a single IT guy at Nike, who now has to restore the Nike CEO's computer.

Any decent size company has a proper setup that prevents risks. The only way to get around those systems is to find a loop hole and often with such a large opening you can just upload the virus to a public site and just use the hole to spread it around.

The other problem is the CEO of Nike, even if he plays second life his profile won't be named the "The CEO of Nike".

I would have a much easier time looking for a Nike employee in real life, give them a USB telling them some bull story and wait for them to plug it into there PC at work.

Hackers like the ones mentioned in your papers feed on players.

Edit:

To help make it clear. The real world equivalent to hacking a game to steal from a organization would be to break into a local shoe store, to steal secrets from Nike.

18 hours ago, Scouting Ninja said:

The papers you linked are risk to players and the developers. organizations are free from this risk. All harm they get from this is harm to there reputation.

I said that those articles just scratches the surface on this issue, there are more articles that go into more depth on this issue.

18 hours ago, Scouting Ninja said:

You see even if I hacked into second life. By some magic got the profile from a Nike CEO, send him a email as his friend asking him to install a virus. All that I would achieve is in annoying a single IT guy at Nike, who now has to restore the Nike CEO's computer.

Any decent size company has a proper setup that prevents risks. The only way to get around those systems is to find a loop hole and often with such a large opening you can just upload the virus to a public site and just use the hole to spread it around.

The other problem is the CEO of Nike, even if he plays second life his profile won't be named the "The CEO of Nike".

I would have a much easier time looking for a Nike employee in real life, give them a USB telling them some bull story and wait for them to plug it into there PC at work.

companies like Nike would most likely have a dedicated server and company account that they would log all of their employees into on in Second Life, IBM has an Island in Second life that they use for meetings and conferencing, all someone has to do is look for these companies on these games and they can find them. it is not too hard. anyone who knows what they are doing can do some recon on someone , make a fake profile, and hack someone who is using a company server, after that they are in that companies network and can do whatever they want/are capable of doing.  Trust me almost no one who works for a big company knows all of their IT staff by name/avatar.

You do bring up good points though, would you be interested in participating my my study? I highly value your  input and opinions, and it seems like you are the only one communicating with me on this topic. 

On 11/13/2017 at 10:32 PM, frob said:

That is exactly self-selection bias.  The participants of the survey select themselves to participate.  You only get results from those who self-select to participate.  They have a name in research circles, "SLOP", from "Self-Selected Opinion Polls", mockingly termed this because SLOP results are near-worthless academically. 

I hear and understand where you are going with this, but in order for anyone to participate in any academic study they must willingly want to participate. trying to get people to participate any other way than willfully is against the ethical rules of conducting a academic study and would not be accepted by any university.

On 11/13/2017 at 10:32 PM, frob said:

Survey participants are biased toward those who want to answer surveys and are willing to jump through the hoops to do so; industry professionals generally don't care to be bothered to do that, so you're going to get people with more time on their hands than a random sample; those people are less likely to be the ones you want. Again, you won't be able to know how shifted those are. Are you seeing more industry professionals, or less industry professionals, or even raw beginners? Are they misrepresenting themselves, perhaps calling themselves expert after a few months of experience, or calling themselves intermediate when they are far above the norm? Dunning-Kruger applies here, both for those who are below and those who are above the norm.

The difficulty is that because you have no proper representative sample to compare against, you cannot compute how biased your results are, nor can you determine the accuracy (more properly, the inaccuracy) of the results.  This is why self-selected surveys are generally wildly inaccurate.

unfortunately I have no control over that bias, I can only attempt to reach out and contact people and hope that they choose to participate, be they industry professionals, or less industry professionals, or even raw beginners. I also have no control over the issue of someone misrepresenting themselves, all studies conducted will have to deal with that issue if they are seeking expert opinions on any topic.

The nature of my study (Once again) The Delphi Method  is to analyze, record, and report the results. If the results show that due to those reasons you mentioned, it is skewed, then that is what I will report and advise that further research is needed on this topic.

I also see that you have written and published a book, I congratulate you on your achievement.   My study is quite the opposite, your book is showing people how to do something based off of your knowledge and experience on the topic of game development. My study is (attempting) to come to consensus on the issue that I am researching. Regardless of how the participants identify themselves (be it a true representation of their skills and knowledge on the topic or not). My job here is just to make sure that I accurately report the results of that, whatever they may be.

I thank you for your input on this issue and I also believe that  you would have a lot to contribute to my study if you wished to be a participant. If you do please send me a private message via this site as I need more experts like yourself to participate so that I can move forward with my study.

On 11/17/2017 at 2:56 AM, wildturkey said:

companies like Nike would most likely have a dedicated server and company account that they would log all of their employees into on in Second Life, IBM has an Island in Second life that they use for meetings and conferencing

Yes that was the point I was making. This is known as public relations and companies keep this part away from the main computer system.

IBM created a island in second life to strengthen public relations. The emails you would get from hacking Second life would be the same kind of thing as if you googled "IBM email address". It's a public address with no risk for the company.

That is why companies use dedicated servers for dealing with the public. It means that it isn't linked to there own system.

On 11/17/2017 at 2:56 AM, wildturkey said:

Trust me almost no one who works for a big company knows all of their IT staff by name/avatar.

Trust me the company IT does not play games with the company computers.

As a example of how strict companies are about security. I am at work right now. I am allowed to browse the internet but only by using my own laptop, that is next to me.

13 hours ago, Scouting Ninja said:

Yes that was the point I was making. This is known as public relations and companies keep this part away from the main computer system.

good info, this is exactly the info/opinions that I am looking for in my study. This is the expert knowledge/opinions that I need, are you sure you do not wish to participate in my study?