Im Rahmen der MedISA-Forschung wurden verschiedene Messinstrumente zur Erfassung der Information Security Awareness in einem Katalog zusammengestellt, die für weitere Forschungsarbeiten und praktische Anwendungen genutzt werden können.

Die zusammengestellten Instrumente bieten Hinweise auf Reliabilität und Validität, die wissenschaftlichen Gütekriterien sind jedoch von unterschiedlicher Qualität. Weitere Hinweise entnehmen Sie den dazugehörigen Publikationen.

Name: The Human Aspects of Information Security Questionnaire (HAIS-Q)

Authors: Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T.

DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017

Name: Simplified Information Security Awareness Scale (SISA)

Authors: Schmidt T., Nøhr C., Koppel R.

DOI: https://doi.org/10.3233/SHTI210248
Added: 2021

Name: Information Security Attitude Questionnaire for Nurses (ISA-Q)

Authors: Kang J., Seomun G.

DOI: https://doi.org/10.1002/nop2.1353
Added: 2022

Name: Four Measurement Scales (4-MS)

Authors: Öğütçü G., Testik Ö. M., Chouseinoglou O.

DOI: https://doi.org/10.1016/j.cose.2015.10.002
Added: 2016

Name: Mobile Information Security Awareness Scale (MISAS)

Authors: Erdoğdu F., Gökoğlu S., Kara M.

DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021

Name: Security Behavior Intentions Scale (SeBIS)

Authors: Egelman S., Peer E.

DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015

Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS)

Authors: Aksu P. K., Kitapçi N. Ş., Çatar R. Ö., Mumcu G.

DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015

Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS)

Authors: Hyla, Tomasz, Fabisiak, Luiza

DOI: http://hdl.handle.net/10125/64215
Added: 2020

Name: End-User Security Attitudes Scale (SA-6)

Authors: Faklaris C., Dabbish L., Hong, J. I.

DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019

Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA)

Authors: Mishra, S., Leone, G. J., Caputo, D. J., Calabrisi, R. R.

DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011

Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS)

Authors: Fauzi, M. A., Yeng, P., Yang, B., Rachmayani, D.

DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021

Katalog titles.catalogue | MedISA

SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS)

Autoren: Aksu P. K., Kitapçi N. Ş., Çatar R. Ö., Mumcu G.

Titel der Veröffentlichung: An Evaluation of Information Security from the Users’ Perspective in Turkey.

DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395

Jahr: 2015

Sprache der Items: Englisch

Anzahl an Items: 27

Reliabilität: Cronbach’s alpha (0.8157 - 0.9019)

Validität: Augenschein- und Konstruktvalidität

Antwort Spezifikation: Five-point Likert scale (1 = Strongly disagree, 2 = Disagree, 3 = Neutral, 4 = Agree, 5 = Strongly agree)

Item
Users may not logon / gain access to our systems without being formerly registered with their own user account.
We ensure that information processing facilities are only used for authorised business purposes.
Our organisation controls access to information via an access control policy which specifies which users have access to what data.
Despite being connected to public networks, we are confident that our systems are adequately protected by our internet service provider’s security and / or our own firewalling systems.
We are confident that our anti-virus systems are up to date and in the event of a virus outbreak, we should be able to protect our systems as best as possible.
In the event of a security incident, procedures clearly define what to do and who to call for assistance.
A password management system is in place which specifies the frequency of password changes as well as the minimum password complexity.
Appropriate mechanisms are in place to authenticate users logging onto our systems.

Item
There is a formal disciplinary process for employees who have violated our security policies and processes.
Staff have been trained to secure their computers at all times, when moving away from their work stations.
Staff are aware that security incidents must be reported to management immediately.
Expertise on information security is available internally and where not, external advice is sought.
We are confident that in the event of equipment failure, theft or site disaster, our data backups and storage would enable us to retrieve our information with minimal business interruption.

Item
Changes in the workflow with computer use, do not prevent the granting of the necessary importance to information security.
Information security process does not adversely affect the quality of service.
Information security is a priority issue among daily works.
Having more workload in a organisations does not prevent the granting of the necessary importance to information security

Item
A director (or equivalent) member of our staff has responsibility for information security.
There is a nominated person in our organisation who is expertise on information security.
Directors take care to improve information security in the organisation.
Staffs take care to improve information security in the organisation.
Staff are well informed as to what is considered to be acceptable and unacceptable usage of our information systems.

Item
Staff are aware of our information security policy.
We have a documented information security policy.
Roles and responsibilities for information security in our organization are well defined.
All staff are given adequate and appropriate information security education and training.

MedISA

Medical Centre Employee Centered Information Security Awareness

Katalog

SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS)

Instruktionen und Antwortvorgaben

Messinstrument

Access and Authorisation

Security Applications

Service Delivery

Organisational Security

Security Policy