Im Rahmen der MedISA-Forschung wurden verschiedene Messinstrumente zur Erfassung der Information Security Awareness in einem Katalog zusammengestellt, die für weitere Forschungsarbeiten und praktische Anwendungen genutzt werden können.

Die zusammengestellten Instrumente bieten Hinweise auf Reliabilität und Validität, die wissenschaftlichen Gütekriterien sind jedoch von unterschiedlicher Qualität. Weitere Hinweise entnehmen Sie den dazugehörigen Publikationen.

Name: The Human Aspects of Information Security Questionnaire (HAIS-Q)

Authors: Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.

DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017

Name: Simplified Information Security Awareness Scale (SISA)

Authors: Schmidt T., Nøhr C., Koppel R.

DOI: https://doi.org/10.3233/SHTI210248
Added: 2021

Name: Information Security Attitude Questionnaire for Nurses (ISA-Q)

Authors: Kang J., Seomun G.

DOI: https://doi.org/10.1002/nop2.1353
Added: 2022

Name: Four Measurement Scales (4-MS)

Authors: Öğütçü G., Testik Ö. M., Chouseinoglou O.

DOI: https://doi.org/10.1016/j.cose.2015.10.002
Added: 2016

Name: Mobile Information Security Awareness Scale (MISAS)

Authors: Erdoğdu F., Gökoğlu S., Kara M.

DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021

Name: Security Behavior Intentions Scale (SeBIS)

Authors: Egelman S., Peer E.

DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015

Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS)

Authors: Aksu P. K., Kitapçi N. Ş., Çatar R. Ö., Mumcu G.

DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015

Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS)

Authors: Hyla, Tomasz, Fabisiak, Luiza

DOI: http://hdl.handle.net/10125/64215
Added: 2020

Name: End-User Security Attitudes Scale (SA-6)

Authors: Faklaris C., Dabbish L., Hong, J. I.

DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019

Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA)

Authors: Mishra, S., Leone, G. J., Caputo, D. J., Calabrisi, R. R.

DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011

Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS)

Authors: Fauzi, M. A., Yeng, P., Yang, B., Rachmayani, D.

DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021

Katalog titles.catalogue | MedISA

Information Security Attitude Questionnaire for Nurses (ISA-Q)

Autoren: Kang J., Seomun G.

Titel der Veröffentlichung: Development and validation of the information security attitude questionnaire (ISA‐Q) for nurses.

DOI: https://doi.org/10.1002/nop2.1353

Jahr: 2022

Sprache der Items: Englisch

Anzahl an Items: 30

Reliabilität: Cronbach’s alpha (.64 - .89)

Validität: Inhalts-, Konstrukt-, diskriminante, und konvergente Validität

Antwort Spezifikation: A four-point questionnaire to rate information security attitude levels, ranging from 1 (Not at all) to 4 (very agreeable).

Item
I follow the reporting and processing procedures in case of accidental patient information leakage.
I carry out nursing work according to the medical institution's information security policy and system.
I am aware of natural disasters and emergency measures/ procedures.
I identify and observe the medical institution's policies for information security.
I follow the management protocol for patients' clinical information storage needs (external hard disk, USB, etc.).
I follow the prescribed procedure when reading special information, such as the patient's psychiatric information.
I immediately report any vulnerability to patients' clinical information security.
I facilitate communication with the computer security team in the event of a security issue.
I am aware of the location and use of firefighting equipment installed as preparedness for disasters.

Item
I do not share patients' clinical information without their consent.
When I share patients' clinical information on the job, I only expose the relevant contents to the concerned person.
I do not reveal patients' clinical information in a private setting.
I treat clinical information of patients, who apply for restriction of medical information, separately.
I do not look up patients' clinical information unless for the job.

Item
I am familiar with the legal responsibilities of nursing records.
I am trained in using patients' clinical information-related programs.
I have received employee emergency training for natural disasters and other disasters.
I learn about the importance of patients' clinical information security through nurse position training.
I identify and train the security status of successor nurses (or nursing students).

Item
I make sure the notation is encrypted when the patient's unique information is output.
I make sure the screen saver is active when I leave.
I confirm that the healthcare information system always remains available.
I ensure a stable supply of power to medical equipment and computer-related equipment

Item
It is desirable that the authority for reading patients' clinical information is applied according to my rank (or the department).
It is desirable that the right to access information be modified following my work status change (personnel transfer, retirement, etc.).
My medical information system access record should preferably be archived.
I change my password for business use regularly.

Item
I keep the printouts containing patients' clinical information strictly in the designated area.
I do not use others' ID and password when accessing patient clinical information systems.
I destroy prints related to patient clinical information when there is no use for them at work.

MedISA

Medical Centre Employee Centered Information Security Awareness

Katalog

Information Security Attitude Questionnaire for Nurses (ISA-Q)

Instruktionen und Antwortvorgaben

Messinstrument

Work systematicity

Promoting professional responsibility

Continuous education participation

Maintaining facility stability

Restricting access to information

Environmental control