MedISA
Medical Centre Employee Centered Information Security Awareness
Katalog
Im Rahmen der MedISA-Forschung wurden verschiedene Messinstrumente zur Erfassung der Information Security Awareness in einem Katalog zusammengestellt, die für weitere Forschungsarbeiten und praktische Anwendungen genutzt werden können. Die zusammengestellten Instrumente bieten Hinweise auf Reliabilität und Validität, die wissenschaftlichen Gütekriterien sind jedoch von unterschiedlicher Qualität. Weitere Hinweise entnehmen Sie den dazugehörigen Publikationen.
Name: The Human Aspects of Information Security Questionnaire (HAIS-Q) DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017
Added: 2017
Name: Simplified Information Security Awareness Scale (SISA) DOI: https://doi.org/10.3233/SHTI210248
Added: 2021
Added: 2021
Name: Information Security Attitude Questionnaire for Nurses (ISA-Q) DOI: https://doi.org/10.1002/nop2.1353
Added: 2022
Added: 2022
Name: Mobile Information Security Awareness Scale (MISAS) DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021
Added: 2021
Name: Security Behavior Intentions Scale (SeBIS) DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015
Added: 2015
Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS) DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015
Added: 2015
Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS) DOI: http://hdl.handle.net/10125/64215
Added: 2020
Added: 2020
Name: End-User Security Attitudes Scale (SA-6) DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019
Added: 2019
Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA) DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011
Added: 2011
Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS) DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021
Added: 2021
The Human Aspects of Information Security Questionnaire (HAIS-Q)
You will now be asked to complete three sets of questions about using a computer for work. These sets of questions are about: (1) your knowledge of computer use guidelines, (2) your attitude towards these computer use guidelines, (3) your behaviour when using a computer for work. Knowledge: The following statements are about your knowledge of how you should use a computer for work. Attitude: The following statements are about your attitude. You’ve told us about your knowledge of computer use guidelines. Now please tell us what you think about these guidelines. Behaviour: The following statements are about your behaviour. You’ve told us what you know, and what you think about computer use guidelines. Now please tell us what you do when using a computer for work.
Antwort Spezifikation: Five-point Likert scale from “Strongly Disagree” to “Strongly Agree”.
Knowledge
Attitude
Behavior
| Item |
|---|
| It´s acceptable to use my social media password on my work accounts. |
| I am allowed to share my work password with my colleagues. |
| A mixture of letters, numbers and symbols is necessary for work passwords. |
| Item |
|---|
| I am allowed to click on any links in emails from people I know. |
| I am not permitted to click on a link in an email from an unknown sender. |
| I am allowed to open email attachments from unknown senders. |
| Item |
|---|
| I am allowed to download any files onto my work computer if they help me to do my job. |
| While I am at work, I shouldn´t access certain websites. |
| I am allowed to enter any information an any website if it helps me do my job. |
| Item |
|---|
| I must periodically review the privacy setting on my social media accounts. |
| I can´t be fired for something I post on social media. |
| I can post what I want about work on social media. |
| Item |
|---|
| When working in a public place, I have to keep my laptop with me at all times. |
| I am allowed to send sensitive work files via a public Wi-Fi network. |
| When working on a sensitive document, I must ensure that strangers can´t see my laptop screen. |
| Item |
|---|
| Sensitive print-outs can be disposed of in the same way as non-sensitive ones. |
| If I find a USB stick in a public place, I shouldn´t plug it into my work computer. |
| I am allowed to leave print-outs containing sensitive information on my desk overnight. |
| Item |
|---|
| If I see someone acting suspiciously in my workplace, I should report it. |
| I must not ignore poor security behavior by my colleagues. |
| It´s optional to report security incidents. |
| Item |
|---|
| It´s safe to use the same password for social media and work accounts. |
| It´s a bad idea to share my work passwords, even if a colleague asks for it. |
| It´s safe to have a work password with just letters. |
| Item |
|---|
| It´s always safe to click on links in emails from people I know. |
| Nothing bad can happen if I click on a link in an email from an unknown sender. |
| It´s risky to open an email attachment from an unknown sender. |
| Item |
|---|
| It can be risky to download files on my work computer. |
| Just because I can access a website at work, doesn´t mean that it´s safe. |
| If it helps me to do my job, it doesn´t matter what information I put on a website. |
| Item |
|---|
| It´s a good idea to regularly review my social media privacy settings. |
| It doesn´t matter if I post things on social media that I wouldn´t normally say in public. |
| It´s risky to post certain information about my work on social media. |
| Item |
|---|
| When working in a café, it´s safe to leave my laptop unattended for a minute. |
| It´s risky to send sensitive work files using a public Wi-Fi network |
| It´s risky to access sensitive work files on a laptop if strangers can see my screen. |
| Item |
|---|
| Disposing of sensitive print-outs by putting them in the rubbish bin is safe. |
| If I find a USB stick in a public place, nothing bad can happen if I plug it into my work computer. |
| It´s risky to leave print-outs that contain sensitive information on my desk overnight. |
| Item |
|---|
| If I ignore someone acting suspiciously in my workplace, nothing bad can happen. |
| Nothing bad can happen if I ignore poor security behavior by a colleague. |
| It´s risky to ignore security incidents, even if I think they´re not significant. |
| Item |
|---|
| I use a different password for my social media and work accounts. |
| I share my work passwords with my colleagues. |
| I use a combination of letters, numbers and symbols in my work password. |
| Item |
|---|
| I don´t always click in links in emails just because they come from someone I know. |
| If an email from an unknown sender looks interesting, I click on a link within it. |
| I don´t open email attachments if the sender is unknown to me. |
| Item |
|---|
| I download any files onto my work computer that will help me get the job done. |
| When accessing the Internet at work, I visit any website that I want to. |
| I assess the safety of websites before entering information. |
| Item |
|---|
| I don´t regularly review my social media privacy settings. |
| I don´t post anything on social media before considering any negative consequences. |
| I post whatever I want about my work on social media. |
| Item |
|---|
| When working in a public place, I leave my laptop unattended. |
| I send sensitive work files using a public Wi-Fi network. |
| I check that strangers can´t see my laptop screen if I´m working on a sensitive document. |
| Item |
|---|
| When sensitive print-outs need to be disposed of, I ensure that they are shredded or destroyed. |
| I wouldn´t plug a USB stick found in a public place into my work computer. |
| I leave print-outs that contain sensitive information on my desk when I´m not there. |
| Item |
|---|
| If I saw someone acting suspiciously in my workplace, I would do something about it. |
| If I notice my colleague ignoring security rules, I wouldn´t take any action. |
| If I notice a security incident, I would report it. |