Link Search Menu Expand Document
Publications

This is the mobile-friendly web version of the original article.

Digital Identity: A Human-Centered Risk Awareness Study

University of South Florida

Scholar Commons

Graduate Theses and Dissertations, Graduate School

November 2020

Toufic N. Chebib

University of South Florida
A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Business Administration Muma College of Business University of South Florida

Co-Major Professor: Jung Chul Park, Ph.D.

Co-Major Professor: Loran Jarrett, D.B.A.

Joann Quinn, Ph.D.

Paul Solomon, Ph.D.

Date of Approval:

October 23, 2020

Copyright © 2020, Toufic N. Chebib

Video: Welcome to the University of South Florida

Scholar Commons Citation Chebib, Toufic N., “Digital Identity: A Human-Centered Risk Awareness Study” (2020). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/8523

This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected].

  1. ACKNOWLEDGMENTS
  2. TABLE OF CONTENTS
  3. LIST OF TABLES
  4. LIST OF FIGURES
  5. ABSTRACT

ACKNOWLEDGMENTS

I would like to thank my family for always being there for me. I especially thank my parents for raising their two boys on great values of maintaining integrity in our relationships and work, self-respect, and respect for others, as well as instilling into us a sense of servant leadership. My father, Nicolas, and my mother, Margaret, have always been and still are an exemplary couple in teaching us family values and finding joy in helping others around us. My parents have always taught us not to be afraid to aim for the stars, work hard, and be humble. A big thank you to my brother Ziad for always being a rock I can lean on during tough times.

The journey to get this far through my studies has not been easy. When I first moved to the United States in December 2000, I had a couple of hundred dollars that my father managed to put aside for me; times were tough. He always taught me to be the best I can be in everything I do. My goal was to seek knowledge and get a terminal degree. Here I am, 20 years later, making my dream come true. I always dreamt of being an astronaut; little did I know that being an astronaut was all about breaking barriers and reaching new heights in life.

I want to also thank my DBA cohort members for being a great support channel throughout this program. Thank you to my dissertation chairs and committee: Dr. Jung Chul Park, Dr. Loran Jarrett, Dr. Joann Quinn, and Dr. Paul Solomon. I also thank my dissertation team and cohort members, Mark Mattia, Michael Summers, and Brad Puckey, for listening to my progress updates for almost a year. A special thank you to Dr. Vernetta Williams for being a fantastic dissertation process guide and writing coach, particularly for keeping me motivated and focused. Congratulations to the Doctor of Business Administration class of 2020; this year has not been easy, but we made it through. Best of luck in all your future endeavors.

TABLE OF CONTENTS

  • List of Tables
  • List of Figures
  • Abstract
  • Chapter One: Introduction
    • Background
      • Example of an Identity Theft Victim
    • Statement of Purpose
      • Purpose
      • Relevance
    • The Motivation for the Study
    • Researcher Bias and Assumptions
    • Research Question
  • Chapter Two: About Identity
    • Identity
    • Privacy
    • Data Privacy Risks
    • Privacy Laws, Regulations, and Frameworks
    • Digital Identity Management
  • Chapter Three: Literature Review
    • Overview
    • Themes from the Literature
      • Theme 1: Increased Use of the Internet
      • Theme 2: Definition of Digital Identity
      • Theme 3: Perspectives on Digital Identity and Privacy
      • Theme 4: Privacy Risks
      • Theme 5: Laws and Regulations Relating to Privacy and Digital Identity
      • Theme 6: Individuals Behavior and Habits
      • Theme 7: Tools and Training Enabling Digital Identity Management
    • Summary of Findings
  • Chapter Four: Methodology
    • Overview
    • Research Design
      • Interview Until Data Novelty Saturation
      • Process Followed
      • Thematic Analysis
      • Why the ATA for this Study
    • Data Collection
      • Participant Selection
      • Interview Participants Characteristics
      • Study Invitation
      • IRB Approval
    • Data Analysis
      • Coding Method
        • Top-down open coding
        • Bottom-up axial coding
        • Illustrate findings by themes or key concepts
      • Coding Results
        • Open coding
  • Chapter Five: Findings
    • Overview
    • Findings from the Interviews
      • Qualifier to the Study: High Internet Adoption and Use of Digital Identity
        • Most people 55 to 75 are active online…………………………………………….48
      • Online Accounts
        • Most of the people didn’t remember all the online accounts they used in the last 5 to 10 years
        • Social media
        • Online banking
        • Online purchases
        • Digital identity includes online personal data as well as online interactions
      • Theme 1: People Accept the Risk When It Affects Their Convenience
        • Accept the risk as it is part of life right now, especially when the convenience outweighs the risks
        • Most study participants have been or know someone who has been affected by an online data breach
        • Study participants’ online behavior was not affected by experiencing or knowing about cybersecurity breaches
        • Study participants’ concern about their online reputation
        • People seem to trust their financial institutions to protect them and their money
        • Cybersecurity risks are not a deterrence
      • Theme 2: People Are Concerned That Companies Are Not Being Transparent with Regards to Being Good Custodians of Their Digital Identity
        • Companies are not providing details about data breaches
        • There is a high level of familiarity with the existence of online privacy rules, laws, and regulations
        • Companies are not transparent with people’s personal data withheld or shared online
        • People want companies to be more transparent
      • Theme 3: People Are Aware of the Availability of Tools and Trainings to Help Manage the Risks
        • Awareness to keep digital identity secure
        • People’s awareness of tools and training
        • People’s exposure to cybersecurity training
        • Cybersecurity training is helpful
        • Low adoption of password management tools
      • Theme 4: People Want More Transparency and Control Over Their Digital Identity to Help Them Ease Their Concerns of the Risks
        • People want more transparency and control over their online digital data
        • Solutions desired geared towards transparency and more control
  • Chapter Six: Discussion
    • Overview
    • Analysis
      • Qualifier to the Study: Increased Level of Internet Adoption Among People Caused the Wide Use of Digital Identity
        • Interpretation
      • Qualifier to the Study: People Are Aware of the Composition of Their Digital Identity
        • Interpretation
      • Theme 1: Relationship Between Digital Identity Risks and People’s Online Behavior
        • Interpretation
      • Theme 2: Online Platforms Are a Risk to People’s Digital Identity
        • Interpretation
      • Theme 3: Tools to Manage Digital Identity Risks
        • Interpretation
      • Theme 4: People Want More Transparency and Awareness to Keep Their Digital Identity Secure
        • Interpretation
    • Conclusions
    • Contribution to Academics and Practitioners
    • Limitations and Future Research

  • References

  • Appendix A: Interview Solicitation Flyer

  • Appendix B: IRB Verbal Consent Form

  • Appendix C: Interview Questionnaire

  • Appendix D: IRB Approval Exempt Form

  • Appendix E: ITRC 2019 Data Breach Report Statistics

LIST OF TABLES

Table 1: Literature Review Summary of Findings

Table 2: Open Coding and Groupings.

Table 3: Open Coding to Axial Coding

Table 4: Axial Coding to Themes

Table 5: Internet Adoption Comparison

Table 6: Digital Identity Composition Awareness Comparison

Table 7: Relationship Between Digital Identity Risks and People’s Online Behavior Comparison

Table 8: Online Platforms are a Risk to People’s Digital Identity Comparison

Table 9: Tools to Manage People’s Digital Identity Comparison

Table 10: People Want More Transparency and Awareness to Keep Their Digital Identity Secure Comparison

Table 1A: Breaches and Records Exposed (In Millions) by Year (2010 to 2019)

LIST OF FIGURES

Figure 1: The Two Major Categories of Identity

Figure 2: Digital Identity Composition

Figure 3: Literature Review Process

Figure 4: The Seven Themes from the Literature Review

Figure 5: The End-to-End Trust Model in the Interactions Between the Digital and Physical Worlds

Figure 6: Methodology Process Followed Thematic Analysis

Figure 7: Adapted Thematic Analysis Framework

Figure 8: Transcripts to Open Coding Relationship

Figure 9: Open Coding to Axial Coding Relationship

Figure 10: Axial Coding to Themes

Figure 11: The Four Major Themes from the Interviews

ABSTRACT

Cybersecurity threats and compromises have been at the epicenter of media attention; their risk and effect on people’s digital identity is something not to be taken lightly. Though cyber threats have affected a great number of people in all age groups, this study focuses on 55 to 75-year-olds, as this age group is close to retirement or already retired. Therefore, a notable compromise impacting their digital identity can have a major impact on their life.

To help guide this study, the following research question was formulated, “What are the risk perceptions of individuals, between the ages of 55 and 75 with no IT background, pertaining to their digital identity?” The literature review helped identify seven themes that served as a base to generate a series of qualitative interview questions. Twenty interviews were conducted, transcribed, and coded following the Adapted Thematic Analysis framework, which resulted in four themes that answered the research question.

The themes relevant to the research question were: People accept the risk when it affects their convenience, people are concerned that companies are not being transparent with regards to being good custodians of their digital identity, people are aware of the availability of tools and training to help manage the risks, people want more transparency and control over their digital identity to help ease their concerns of the risks.

The findings from the literature review and the interviews led to a series of interpretations that validated the gaps found in the literature review. Notably, the quarantine caused by the unexpected event (i.e.: COVID-19 pandemic) forced people to an all-time high adoption of the internet. People were aware of the risks pertaining to their digital identity, but their level of awareness varied. This gap developed the need for a personal risk assessment framework and the need for a benchmark of user-friendly best practices to help mitigate the risks. The increased adoption of new technologies similar to machine learning, artificial intelligence, and distributed ledger technologies like blockchain will help in creating more of a transparent ecosystem to interact online as well as reduce human intervention in reacting to and mitigating cybersecurity risks affecting digital identity.

Table of contents