CEC Theses and Dissertations

Date of Award

2016

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

College of Engineering and Computing

Advisor

Yair Levy

Committee Member

Theon Danet

Committee Member

James Parrish

Abstract

Studies have revealed that securing Information Systems (IS) from intentional misuse is a concern among organizations today. The use of Web-based systems has grown dramatically across industries including e-commerce, e-banking, e-government, and e learning to name a few. Web-based systems provide e-services through a number of diverse activities. The demand for e-learning systems in both academic and non-academic organizations has increased the need to improve security against impersonation fraud. Although there are a number of studies focused on securing Web-based systems from Information Systems (IS) misuse, research has recognized the importance of identifying suitable levels of authenticating strength for various activities. In e-learning systems, it is evident that due to the variation in authentication strength among controls, a ‘one size fits all’ solution is not suitable for securing diverse e-learning activities against impersonation fraud.

The main goal of this study was to use the framework of the Task-Technology Fit (TTF) theory to conduct an exploratory research design to empirically investigate what levels of authentication strength users perceive to be most suitable for activities in e-learning systems against impersonation fraud. This study aimed to assess if the ‘one size fits all’ approach mainly used nowadays is valid when it comes to securing e-learning activities from impersonation fraud. Following the development of an initial survey instrument (Phase 1), expert panel feedback was gathered for instrument validity using the Delphi methodology. The initial survey instrument was adjusted according to feedback (Phase 2). The finalized Web-based survey was used to collect quantitative data for final analyses (Phase 3).

This study reported on data collected from 1,070 e-learners enrolled at a university. Descriptive statistics was used to identify what e-learning activities perceived by users and what users perceived that their peers would identify to have a high potential for impersonation. The findings determined there are a specific set of e-learning activities that high have potential for impersonation fraud and need a moderate to high level of authentication strength to reduce the threat. Principal Component Analysis was used to identify significant components of authentication strength to be suitable against the threats of impersonation for e-learning activities.