Date of Conferral



Doctor of Business Administration (D.B.A.)


Information Systems and Technology


Anthony Lolas


The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft's Passport software. The research question revolved around the identity and access management framework used by 13 community colleges in Texas to track guest users and the college's ability to protect the college from illegal acts. Using a grounded theory approach, data were collected by interviewing 13 information technology management professionals at the community colleges regarding their security policies and procedures as well as by campus observations of security practices. The results of constant comparison analysis indicate that no universal theory was being used. Only 3 of the 13 colleges tracked guest user access. Reasons for not tracking guest access included lack of financial and technology resources and process knowledge. Based on these findings, the identity management infrastructure theory was recommended for network access control, self-registration, and identity authentication at these colleges and many other colleges. The implications for social change include raising awareness of the risks most community colleges face from network security breaches, regulatory noncompliance, and lawsuit damages that could result from the lack of an identity management process.