MedISA
Medical Centre Employee Centered Information Security Awareness
Catalogue
As part of the MedISA research, various measurement instruments for assessing information security awareness were compiled into a catalogue that can be used for further research and practical applications. The compiled instruments offer evidence of reliability and validity; however, the scientific quality criteria are of varying quality. For further details, please refer to the associated publications.
Name: The Human Aspects of Information Security Questionnaire (HAIS-Q) DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017
Name: Simplified Information Security Awareness Scale (SISA) DOI: https://doi.org/10.3233/SHTI210248
Added: 2021
Name: Information Security Attitude Questionnaire for Nurses (ISA-Q) DOI: https://doi.org/10.1002/nop2.1353
Added: 2022
Name: Mobile Information Security Awareness Scale (MISAS) DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021
Name: Security Behavior Intentions Scale (SeBIS) DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015
Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS) DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015
Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS) DOI: http://hdl.handle.net/10125/64215
Added: 2020
Name: End-User Security Attitudes Scale (SA-6) DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019
Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA) DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011
Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS) DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021
Security Awareness Scale for Health Care Information Systems (SAS-HIPAA)
Response specification: Five-point Likert scale (1 = Strongly agree, 2 = Agree, 3 = Tend to agree, 4 = Disagree, 5 = Strongly disagree). Note: The statistical composition of items depends on the research question. See publication for more details.
Item |
---|
In my organization, there is a predefined agreed upon plan for security and privacy compliance efforts. |
There is a prevalent security culture where individuals look out for each other in my organization. |
Creating security awareness is an ongoing process in my organization. |
There is visible leadership about seriousness of security assurance efforts in my organization. |
In my organization, there are adequate internal controls (policies, procedures, training, encryption, access restrictions) to provide security and privacy of health records. |
Auditing is viewed as a necessary complementary action to improve the security initiatives in my organization. |
Security policies and procedures are easily accessible and comprehendible in my organization. |
In my organization, there is an emphasis on establishing open communication channels about security issues without the fear of reprisal. |
We emphasize having informal meetings and discussions about importance of managing security and privacy of the records in my organization. |
In my organization, security controls (encryption, access control, password policy, segregation of duty) are viewed as a necessary component for security. |
Access to the system is based on the role that I play in the organization. |
Training about security measures is provided regularly to the staff/personnel in my organization. |
In my organization, security policies and procedures are periodically reviewed to assess if the policies meet the changing organizational needs. |
There exists a clear structure for disciplinary action in case of noncompliance with policies and procedures in my organization. |
In my organization, there is an emphasis on establishing open communication channel about security issues without the fear of reprisal. |
I am required to read the security policies frequently (quarterly, bi-annually, annually) in my organization. |
In my organization, I have frequent communication about social engineering issues and am aware of how such tactics can create vulnerability for our system. |
In my organization, I understand what information I have access to and why? |
I am required to access health information only through approved devices and software in the organization. |
I am allowed to use removable storage media from outside on my machine in the organization. |
In my organization, I am required to take permission to use social networking sites. |
I am aware of the procedure about what to do when my system has malware in my organization. |
Access to the system is based on the role that I play in the organization. |
I am required to report any misuse of information (that I am in-charge of) or its inappropriate access. |
I am aware of the password policy that I have to comply with, in my organization. |
I frequently receive communication about acceptable security behavior in my organization. |
In my organization, there is an ongoing effort on training and education of employees about security issues. |