Abstract

Cyberattacks and data breaches lead to high costs for organizations worldwide. Information security education and training awareness programs are one of the most important countermeasures. Here, assessing individuals' level of information security awareness is a crucial task. Regarding this, one of the major challenges is to measure security behavior, a core dimension of security awareness. This is because it is often assessed indirectly through questionnaires, which could bias metrics. Therefore, our overarching goal is to develop a more holistic metric that considers and integrates actual human behavior. In this design science research study, we present the status quo of our research, namely a prototypical instance for such a measurement approach, and initial meta-requirements based on two design iterations and pilot tests: a scavenger hunt to measure the consequences of real-world interactions, based on the Human-Aspect-of-Information-Security-Questionnaire as a scientific foundation.

Share

COinS