MedISA
Medical Centre Employee Centered Information Security Awareness
Catalogue
As part of the MedISA research, various instruments for measuring Information Security Awareness have been compiled in a catalogue, which can be used for further research and practical applications. The compiled instruments provide evidence of reliability and validity; however, the scientific quality criteria vary. For more information, please refer to the associated publications.
Name: The Human Aspects of Information Security Questionnaire (HAIS-Q) DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017
Name: Simplified Information Security Awareness Scale (SISA) DOI: https://doi.org/10.3233/SHTI210248
Added: 2021
Name: Information Security Attitude Questionnaire for Nurses (ISA-Q) DOI: https://doi.org/10.1002/nop2.1353
Added: 2022
Name: Mobile Information Security Awareness Scale (MISAS) DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021
Name: Security Behavior Intentions Scale (SeBIS) DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015
Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS) DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015
Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS) DOI: http://hdl.handle.net/10125/64215
Added: 2020
Name: End-User Security Attitudes Scale (SA-6) DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019
Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA) DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011
Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS) DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021
Information Security Attitude Questionnaire for Nurses (ISA-Q)
Response Specification: A four-point questionnaire to rate information security attitude levels, ranging from 1 (Not at all) to 4 (Very agreeable).
Item |
---|
I follow the reporting and processing procedures in case of accidental patient information leakage. |
I carry out nursing work according to the medical institution's information security policy and system. |
I am aware of natural disasters and emergency measures/procedures. |
I identify and observe the medical institution's policies for information security. |
I follow the management protocol for patients' clinical information storage needs (external hard disk, USB, etc.). |
I follow the prescribed procedure when reading special information, such as the patient's psychiatric information. |
I immediately report any vulnerability to patients' clinical information security. |
I facilitate communication with the computer security team in the event of a security issue. |
I am aware of the location and use of firefighting equipment installed as preparedness for disasters. |
Item |
---|
I do not share patients' clinical information without their consent. |
When I share patients' clinical information on the job, I only expose the relevant contents to the concerned person. |
I do not reveal patients' clinical information in a private setting. |
I treat clinical information of patients, who apply for restriction of medical information, separately. |
I do not look up patients' clinical information unless for the job. |
Item |
---|
I am familiar with the legal responsibilities of nursing records. |
I am trained in using patients' clinical information-related programs. |
I have received employee emergency training for natural disasters and other disasters. |
I learn about the importance of patients' clinical information security through nurse position training. |
I identify and train the security status of successor nurses (or nursing students). |
Item |
---|
I make sure the notation is encrypted when the patient's unique information is output. |
I make sure the screen saver is active when I leave. |
I confirm that the healthcare information system always remains available. |
I ensure a stable supply of power to medical equipment and computer-related equipment. |
Item |
---|
It is desirable that the authority for reading patients' clinical information is applied according to my rank (or the department). |
It is desirable that the right to access information be modified following my work status change (personnel transfer, retirement, etc.). |
My medical information system access record should preferably be archived. |
I change my password for business use regularly. |
Item |
---|
I keep the printouts containing patients' clinical information strictly in the designated area. |
I do not use others' ID and password when accessing patient clinical information systems. |
I destroy prints related to patient clinical information when there is no use for them at work. |