IEEE Systems Journal, 2012
This paper evaluates a taxonomy of privacy and security risks contributing factors with the Delphi method. The taxonomy was introduced in a previous work, and it is based on characteristics of tokens used in identity management systems (IDMSs). The taxonomy represents a construct for risk analysis in IDMSs. Constructs are concepts, terms, or vocabularies and symbols adopted or developed to describe, conceptualize, or define the problems and solutions within a domain. We can determine the performance and utility of a construct through evaluation. Evaluation can determine constructs' completeness, simplicity, elegance, ease of use, and understandability. Evaluation of a construct can be done with the Delphi method. The Delphi method solicits expert opinions on a subject matter in a structured group communication process. The Delphi evaluation of the taxonomy led to additional privacy and security risks contributing factors that were not covered in the initial taxonomy. Furthermore, the evaluation identified three key risk indicators and showed that the experts mostly agreed with our initial risk analysis construct for IDMSs.