Rohan Rohani, Pal Debajyoti, Hautamäki Jari, Funilkul Suree, Chutimaskul Wichian, Thapliyal Himanshu
School of Information Technology, King Mongkut's University of Technology Thonburi, Bangkok 10140, Thailand.
Innovative Cognitive Computing Research Center (IC2), King Mongkut's University of Technology Thonburi, Bangkok 10140, Thailand.
Heliyon. 2023 Mar 5;9(3):e14234. doi: 10.1016/j.heliyon.2023.e14234. eCollection 2023 Mar.
Information Security Awareness (ISA) is a significant concept that has received considerable attention recently and can assist in minimizing the risks associated with information security breaches. Several measurement scales have been developed in this regard, as measuring users' ISA is paramount. Although ISA-specific scales are very important, the methodological rigor they apply in the initial conceptualization of ISA, in data collection and analysis during development, and in scale validation remains unknown. Therefore, we provide a comprehensive review of the existing ISA-specific scales to address all of the above concerns. A popular method, PRISMA, is utilized, and a total of 24 articles that match the criteria of this research are included for the final in-depth analysis. A holistic evaluation framework containing three phases and 19 criteria is also developed. Findings revealed that most studies treat ISA as a multi-dimensional construct, and that ISA researchers rarely conduct both pilot testing and pre-text evaluation while validating and refining the initial scales. Additionally, several articles did not report some of the essential elements used for checking the rigor of factor analysis, and evidence for the validity of the identified scales is inadequate. Consequently, existing ISA-specific scales must be improved both in the methodological thoroughness of the scale development procedure and in their validity. Moreover, future work should not only justify why the development of a new scale is necessary, but also improve the quality of the existing scales through multiple iterations. Likewise, including all the dimensions of ISA when generating the initial item pool is an important aspect to consider. A thorough discussion, recommendations for future research, conclusions, and study limitations are provided.