The Development of the Human Aspects of Information Security Questionnaire (HAIS-Q)

The Human Aspects of Information Security Questionnaire (HAIS-Q) is being developed using a hybrid inductive, exploratory approach, for the purpose of evaluating information security threats caused by employees within organisations. This study reports on the conceptual development and pre-testing of the HAIS-Q. Results from 500 Australian employees were then used to examine the reliability of the HAIS-Q, as well as the relationships between knowledge of policy and procedures, attitude towards policy and procedures and behaviour when using a work computer. Results indicate significant, positive relationships between all variables. However, both qualitative and quantitative results indicate the direct influence of knowledge of policy and procedure accounted for far less of the variance in self-reported behaviour than attitude towards policy and procedure. Implications for training and education campaigns and plans for future research to further develop this questionnaire are outlined.