MedISA

Medical Centre Employee Centered Information Security Awareness

Catalogue

As part of the MedISA research, various measurement instruments for assessing information security awareness were compiled into a catalogue; they can be used for further research and practical applications.

The compiled instruments provide evidence of reliability and validity, but the scientific quality criteria are of varying quality. For further details, please refer to the associated publications.

The Human Aspects of Information Security Questionnaire (HAIS-Q)

Authors: Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.
Publication title: The Human Aspects of Information Security Questionnaire (HAIS-Q); Two further validation studies.
DOI: https://doi.org/10.1016/j.cose.2017.01.004
Year: 2017

Item language: English
Number of items: 63
Reliability: Cronbach’s alpha (.75 - .82)
Validity: Convergent and construct validity

You will now be asked to complete three sets of questions about using a computer for work. These sets of questions are about: (1) your knowledge of computer use guidelines, (2) your attitude towards these computer use guidelines, (3) your behaviour when using a computer for work.

Knowledge: The following statements are about your knowledge of how you should use a computer for work.

Attitude: The following statements are about your attitude. You’ve told us about your knowledge of computer use guidelines. Now please tell us what you think about these guidelines.

Behaviour: The following statements are about your behaviour. You’ve told us what you know, and what you think about computer use guidelines. Now please tell us what you do when using a computer for work.


Response specification: Five-point Likert scale from “Strongly Disagree” to “Strongly Agree”.

Knowledge
Item
It's acceptable to use my social media password on my work accounts.
I am allowed to share my work password with my colleagues.
A mixture of letters, numbers and symbols is necessary for work passwords.
Item
I am allowed to click on any links in emails from people I know.
I am not permitted to click on a link in an email from an unknown sender.
I am allowed to open email attachments from unknown senders.
Item
I am allowed to download any files onto my work computer if they help me to do my job.
While I am at work, I shouldn't access certain websites.
I am allowed to enter any information on any website if it helps me do my job.
Item
I must periodically review the privacy setting on my social media accounts.
I can't be fired for something I post on social media.
I can post what I want about work on social media.
Item
When working in a public place, I have to keep my laptop with me at all times.
I am allowed to send sensitive work files via a public Wi-Fi network.
When working on a sensitive document, I must ensure that strangers can't see my laptop screen.
Item
Sensitive print-outs can be disposed of in the same way as non-sensitive ones.
If I find a USB stick in a public place, I shouldn't plug it into my work computer.
I am allowed to leave print-outs containing sensitive information on my desk overnight.
Item
If I see someone acting suspiciously in my workplace, I should report it.
I must not ignore poor security behavior by my colleagues.
It's optional to report security incidents.

Attitude
Item
It's safe to use the same password for social media and work accounts.
It's a bad idea to share my work passwords, even if a colleague asks for it.
It's safe to have a work password with just letters.
Item
It's always safe to click on links in emails from people I know.
Nothing bad can happen if I click on a link in an email from an unknown sender.
It's risky to open an email attachment from an unknown sender.
Item
It can be risky to download files on my work computer.
Just because I can access a website at work, doesn't mean that it's safe.
If it helps me to do my job, it doesn't matter what information I put on a website.
Item
It's a good idea to regularly review my social media privacy settings.
It doesn't matter if I post things on social media that I wouldn't normally say in public.
It's risky to post certain information about my work on social media.
Item
When working in a café, it's safe to leave my laptop unattended for a minute.
It's risky to send sensitive work files using a public Wi-Fi network.
It's risky to access sensitive work files on a laptop if strangers can see my screen.
Item
Disposing of sensitive print-outs by putting them in the rubbish bin is safe.
If I find a USB stick in a public place, nothing bad can happen if I plug it into my work computer.
It's risky to leave print-outs that contain sensitive information on my desk overnight.
Item
If I ignore someone acting suspiciously in my workplace, nothing bad can happen.
Nothing bad can happen if I ignore poor security behavior by a colleague.
It's risky to ignore security incidents, even if I think they're not significant.

Behavior
Item
I use a different password for my social media and work accounts.
I share my work passwords with my colleagues.
I use a combination of letters, numbers and symbols in my work password.
Item
I don't always click on links in emails just because they come from someone I know.
If an email from an unknown sender looks interesting, I click on a link within it.
I don't open email attachments if the sender is unknown to me.
Item
I download any files onto my work computer that will help me get the job done.
When accessing the Internet at work, I visit any website that I want to.
I assess the safety of websites before entering information.
Item
I don't regularly review my social media privacy settings.
I don't post anything on social media before considering any negative consequences.
I post whatever I want about my work on social media.
Item
When working in a public place, I leave my laptop unattended.
I send sensitive work files using a public Wi-Fi network.
I check that strangers can't see my laptop screen if I'm working on a sensitive document.
Item
When sensitive print-outs need to be disposed of, I ensure that they are shredded or destroyed.
I wouldn't plug a USB stick found in a public place into my work computer.
I leave print-outs that contain sensitive information on my desk when I'm not there.
Item
If I saw someone acting suspiciously in my workplace, I would do something about it.
If I notice my colleague ignoring security rules, I wouldn't take any action.
If I notice a security incident, I would report it.