MedISA Logo

MedISA

Medical Centre Employee Centered Information Security Awareness

Catalogue

As part of the MedISA research, various instruments for measuring Information Security Awareness have been compiled in a catalogue, which can be used for further research and practical applications.

The compiled instruments provide evidence of reliability and validity; however, the scientific quality criteria vary. For more information, please refer to the associated publications.

Cataloguetitles.catalogue | MedISA

Hospital Staff’s Risky Cybersecurity Practices Scales (RCSPS)

Authors: Fauzi, M. A., Yeng, P., Yang, B., Rachmayani, D.
Publication Title: Examining the Link Between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia.
DOI: https://doi.org/10.1145/3465481.3470094
Date: 2021

Language of Items: English
Number of Items: 14
Reliability: Cronbach’s alpha = 0.732
Validity: Content validity


Response Specification: The scale asked participants to rate, on a scale of 0 to 4 (0 = Disagree, 1 = Slightly disagree, 2 = Neutral, 3 = Slightly agree, and 4 = Agree), how often they engaged in the specific practices in the last month.

Item
In the last month, I usually write my user name and passwords on a piece of paper and stick the paper onto my computer for easy access.
In the last month, I sometimes visit at least one of the following websites using the hospital’s computer: social media; Dropbox and other public file storage systems; online music or videos sites; online newspapers and magazines; personal e-mail accounts; games; instant messaging services, etc.
In the last month, I did not often read the alert messages/emails concerning security.
In the last month, I sometimes click on a link in an email from an unknown sender.
In the last month, I usually postpone software updating activities (restarting, clicking to run an update, accepting to update or follow update schedule) of my computers at my workplace.
In the last month, I usually postpone backup activities when I am prompted.
In the last month, I usually do not prevent my colleagues from seeing patients’ records for a non-therapeutic purpose when I am working on a patients information on my laptop.
In the last month, I did not post patient information on social media.
In the last month, I sometimes share my passwords with my colleagues in hospital.
In the last month, I usually do not take any action when I notice my colleague ignoring information security rules.
In the last month, I usually talk about the patient condition in a shared patient ward in a hospital.
In the last month, I usually dispose of sensitive personal health information (patients diagnosis and personal data) in the hospital.
In the last month, I used a combination of letters, numbers, and symbols in my work passwords.
In the last month, I have changed my passwords.