MedISA Logo


Medical Centre Employee Centered Information Security Awareness


As part of the MedISA research, various instruments for measuring Information Security Awareness have been compiled in a catalogue, which can be used for further research and practical applications.

The compiled instruments provide evidence of reliability and validity; however, the scientific quality criteria vary. For more information, please refer to the associated publications.

Catalogue titles.catalogue | MedISA

Security Behavior Intentions Scale (SeBIS)

Authors: Egelman S., Peer E.
Publication Title: Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS).
Date: 2015

Language of Items: English
Number of Items: 16
Reliability: Composite reliability (0.64 - 0.78)
Validity: Construct, discriminant, and nomological validity

Response Specification: Five-point Likert scale (Strongly disagree to Strongly agree)

I set my computer screen to automatically lock if I don’t use it for a prolonged period of time.
I use a password/passcode to unlock my laptop or tablet.
I manually lock my computer screen when I step away from it.
I use a PIN or passcode to unlock my mobile phone.
I do not change my passwords, unless I have to.
I use different passwords for different accounts that I have.
When I create a new online account, I try to use a password that goes beyond the site’s minimum requirements.
I do not include special characters in my password if it’s not required.
When someone sends me a link, I open it without first verifying where it goes.
I know what website I’m visiting based on its look and feel, rather than by looking at the URL bar.
I submit information to websites without first verifying that it will be sent securely (e.g., SSL, “https://”, a lock icon).
When browsing websites, I mouseover links to see where they go, before clicking them.
If I discover a security problem, I continue what I was doing because I assume someone else will fix it.
When I’m prompted about a software update, I install it right away.
I try to make sure that the programs I use are up-to-date.
I verify that my anti-virus software has been regularly updating itself.