Development of Users´ Information Security Awareness Questionnaire (UISAQ) — Ongoing work

The user is still weakest link regarding information security matters, but studies on this subject are rare. The aim of this work is to develop general Users´ Information Security Awareness Questionnaire (UISAQ). Development consists of selecting suitable items for which is assumed that measure the level of security awareness and testing impact of each item in measurement. Questionnaire consisted of 4 parts with total of 37 items. Results showed that first part of questionnaire, that examine the common user´s risk behavior, should consist of 17 items (3 items had low factor loadings) separate in 3 subscales. Second part of questionnaire, which consisted of 6 items that measured the level of user´s information security, had high internal consistency (k=6, α=0.89) and a satisfactory factor loadings. Third part of questionnaire, which consisted of 5 items that measured the level of user´s beliefs about information security, should consist of 3 items (2 items significantly disrupted internal consistency) with high factor loadings and good internal consistency (α=0.76). Descriptive statistics showed that all the questions (n=6) in the fourth part of the questionnaire, which had examined the password quality and security, had a full range of answers and that normal distribution wasn´t significantly violated. Although developed questionnaire requires more work and validation, first results showed that UISAQ has potential to become a good and reliable measure of users´ security awareness in the future.