Please use this identifier to cite or link to this item: http://hdl.handle.net/2440/114278
Citations
Scopus Web of Science® Altmetric
?
?
Type: Journal article
Title: A reliable measure of Information Security Awareness and the identification of bias in responses
Author: McCormac, A.
Calic, D.
Butavicius, M.
Parsons, K.
Zwaans, T.
Pattinson, M.
Citation: Australasian Journal of Information Systems, 2017; 21:1-12
Publisher: Deakin Business School
Issue Date: 2017
ISSN: 1449-8618
1449-8618
Statement of
Responsibility: 
Agata McCormac, Dragana Calic, Marcus Butavicius, Kathryn Parsons, Tara Zwaans, Malcolm Pattinson
Abstract: The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed.
Keywords: Information security; Information Security Awareness; cyber security; reliability; questionnaire design
Rights: © 2017 McCormac, Calic, Butavicius, Parsons, Zwaans & Pattinson. This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial 3.0 Australia License, which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited. This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
RMID: 0030079020
DOI: 10.3127/ajis.v21i0.1697
Appears in Collections:Business School publications

Files in This Item:
File Description SizeFormat 
hdl_114278.pdfPublished Version237.38 kBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.