MedISA
Medical Centre Employee Centered Information Security Awareness
Catalogue
As part of the MedISA research, various instruments for measuring Information Security Awareness have been compiled in a catalogue, which can be used for further research and practical applications. The compiled instruments provide evidence of reliability and validity; however, the scientific quality criteria vary. For more information, please refer to the associated publications.
Name: The Human Aspects of Information Security Questionnaire (HAIS-Q)
DOI: https://doi.org/10.1016/j.cose.2017.01.004
Added: 2017
Added: 2017
Name: Simplified Information Security Awareness Scale (SISA)
DOI: https://doi.org/10.3233/SHTI210248
Added: 2021
Added: 2021
Name: Information Security Attitude Questionnaire for Nurses (ISA-Q)
DOI: https://doi.org/10.1002/nop2.1353
Added: 2022
Added: 2022
Name: Mobile Information Security Awareness Scale (MISAS)
DOI: https://doi.org/10.1108/OIR-04-2020-0129
Added: 2021
Added: 2021
Name: Security Behavior Intentions Scale (SeBIS)
DOI: https://doi.org/10.1145/2702123.2702249
Added: 2015
Added: 2015
Name: SABS ISO/IEC 17799 Scale with Focus on Hospitals (SIIS)
DOI: https://www.cabidigitallibrary.org/doi/full/10.5555/20163074395
Added: 2015
Added: 2015
Name: Cyber Security Awareness Scale Based on Recommendation of ENISA and the U.S. HHS (CSAS)
DOI: http://hdl.handle.net/10125/64215
Added: 2020
Added: 2020
Name: End-User Security Attitudes Scale (SA-6)
DOI: https://www.usenix.org/conference/soups2019/presentation/faklaris
Added: 2019
Added: 2019
Name: Security Awareness Scale for Health Care Information Systems (SAS-HIPAA)
DOI: https://doi.org/10.48009/1_iis_2011_224-236
Added: 2011
Added: 2011
Name: Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS)
DOI: https://doi.org/10.1145/3465481.3470094
Added: 2021
Added: 2021
Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS)
Response Specification: The scale asked participants to rate, on a scale of 0 to 4 (0 = Disagree, 1 = Slightly disagree, 2 = Neutral, 3 = Slightly agree, and 4 = Agree), how often they engaged in the specific practices in the last month.
| Item |
|---|
| In the last month, I usually write my user name and passwords on a piece of paper and stick the paper onto my computer for easy access. |
| In the last month, I sometimes visit at least one of the following websites using the hospital’s computer: social media; Dropbox and other public file storage systems; online music or videos sites; online newspapers and magazines; personal e-mail accounts; games; instant messaging services, etc. |
| In the last month, I did not often read the alert messages/emails concerning security. |
| In the last month, I sometimes click on a link in an email from an unknown sender. |
| In the last month, I usually postpone software updating activities (restarting, clicking to run an update, accepting to update or follow update schedule) of my computers at my workplace. |
| In the last month, I usually postpone backup activities when I am prompted. |
| In the last month, I usually do not prevent my colleagues from seeing patients’ records for a non-therapeutic purpose when I am working on a patients information on my laptop. |
| In the last month, I did not post patient information on social media. |
| In the last month, I sometimes share my passwords with my colleagues in hospital. |
| In the last month, I usually do not take any action when I notice my colleague ignoring information security rules. |
| In the last month, I usually talk about the patient condition in a shared patient ward in a hospital. |
| In the last month, I usually dispose of sensitive personal health information (patients diagnosis and personal data) in the hospital. |
| In the last month, I used a combination of letters, numbers, and symbols in my work passwords. |
| In the last month, I have changed my passwords. |