Measuring organizational information security awareness in South Africa

ABSTRACT Information is a valuable resource that organization may utilize in the current business environment. It is critical to comprehend the importance of information protection, as it safeguards the lifeline of the organization. All employees within organization should be aware of the organizational information security culture. Organizations should promote an information security awareness culture, so as to secure data as part of their critical infrastructure. Organizations should monitor and measure information security awareness levels among employees, with a number of international instruments. However, the validity of those instruments has not yet been determined in the South African context. As a consequence, the aim of this article is to validate one internationally accepted measurement instrument – the Human Aspects of Information Security-Questionnaire (HAIS-Q) in South Africa. The research sought to determine employees’ awareness levels, in order to make recommendations aimed at improving awareness in organizations. A survey was conducted whereby the data from 356 respondents were collected across industries, with a web-based questionnaire. To determine the factor structure of the scale under investigation, an exploratory factor analysis (EFA) and Cronbach’s alpha was used to establish the internal reliability of the HAIS-Q. T-tests and ANOVAs were used to identify significant differences between demographic groups.