Development and Validation of Users' Information Security Awareness Questionnaire (UISAQ)

Tena Velki, Krešimir Šolić, Krešimir Nenadić


Previous researches have shown that information systems' users are still the weakest link in information security area. Scientists did not yet develop some reliable instruments that measure the level of user's influence on information systems' security. The aim of the research was to develop a reliable and valid instrument for measuring a level of users' security awareness and its potentially risky behaviour. For research purposes, Users' Information Security Awareness Questionnaire (UISAQ; Velki & Solic, 2014; according to Velki, Šolić, & Očević, 2014) was developed and with that questionnaire data were collected in three waves. Participants in the first wave were 135 second-year students of undergraduate study on who we tested the construct validity, reliability and sensitivity of individual subscales, and from which we choose items. In the second wave, we had a sample of 211 both students and employees. In this wave, metric characteristics of improved version of UISAQ have been examined. Result was final version of UISAQ (k=33) split into two scales: Scale of computer users' potentially risky behaviour (k=17) [split into three subscales: Subscale of computer users' usual behaviour (k=6), Subscale of personal computer systems' maintenance (k=6) and Subscale of access data lending (k=5)] and Scale of information security knowledge (k=16) [split into three subscales: Subscale of level of security in communications (k=5), Subscale of belief into data security status (k=5) and Subscale of backup importance (k=6)]. The third wave was conducted on 152 employees and in this wave validation was concluded. We obtained good constructive validity, where all scales and subscales have good metric characteristics, and good criterion validity. This newly developed questionnaire has proved to be a reliable and valid instrument with proper psychometric characteristics.


validation; users' information security awareness; information security area; UISAQ


  • There are currently no refbacks.