A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

Authors

  • Agata McCormac Defence Science and Technology Group
  • Dragana Calic Defence Science and Technology Group
  • Marcus Butavicius Defence Science and Technology Group
  • Kathryn Parsons Defence Science and Technology Group
  • Tara Zwaans The University of Adelaide
  • Malcolm Pattinson The University of Adelaide

DOI:

https://doi.org/10.3127/ajis.v21i0.1697

Keywords:

Information security, Information Security Awareness, Cyber security, Reliability, Questionnaire design

Abstract

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 

Downloads

Published

2017-11-28

How to Cite

McCormac, A., Calic, D., Butavicius, M., Parsons, K., Zwaans, T., & Pattinson, M. (2017). A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses. Australasian Journal of Information Systems, 21. https://doi.org/10.3127/ajis.v21i0.1697

Issue

Section

Selected Papers from the Australasian Conference on Information Systems (ACIS)