Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)
详细信息 查看全文
- 作者:Kathryn Parsonsa ; kathryn.parsons@dsto.defence.gov.au" class="auth_mailAuthor Vitae ; Agata McCormaca ; agata.mccormac@dsto.defence.gov.au" class="auth_mailAuthor Vitae ; Marcus Butaviciusa ; marcus.butavicius@dsto.defence.gov.au" class="auth_mailAuthor Vitae ; Malcolm Pattinsonb ; malcolm.pattinson@adelaide.edu.au" class="auth_mailAuthor Vitae ; Cate Jerramb ; cate.jerram@adelaide.edu.au" class="auth_mailAuthor Vitae
- 关键词:Information security ; Security behaviours ; Questionnaire design ; Cyber security ; Hybrid research
- 刊名:Computers and Security
- 出版年:May, 2014
- 年:2014
- 卷:42
- 期:Complete
- 页码:165-176
- 全文大小:644 K
文摘
It is increasingly acknowledged that many threats to an organisation's computer systems can be attributed to the behaviour of computer users. To quantify these human-based information security vulnerabilities, we are developing the Human Aspects of Information Security Questionnaire (HAIS-Q). The aim of this paper was twofold. The first aim was to outline the conceptual development of the HAIS-Q, including validity and reliability testing. The second aim was to examine the relationship between knowledge of policy and procedures, attitude towards policy and procedures and behaviour when using a work computer. Results from 500 Australian employees indicate that knowledge of policy and procedures had a stronger influence on attitude towards policy and procedure than self-reported behaviour. This finding suggests that training and education will be more effective if it outlines not only what is expected (knowledge) but also provides an understanding of why this is important (attitude). Plans for future research to further develop and test the HAIS-Q are outlined.