Information security awareness level measurement for employee: Case study at ministry of research, technology, and higher education

Abstract

Ministry of Research, Technology, and Higher Education (MRTHE) is actively improving its information security to enhance public service. Employee's awareness on information security requires attention due to their contribution on the improvement. MRTHE should identify characteristics of employees on information security through Information Security Awareness (ISA) level measurement. Such characteristics could provide adequate analysis as consideration to establish feasible programs of ISA for employee. This study concerns to ISA level measurement for MERTHE's employee using seven focus areas of information security (password management, email usage, internet usage, social networking site usage, incident reporting, mobile computing, and information handling) with three variables of KAB model: Knowledge, Attitude, and Behavior. They are expanded into some criteria to examine employee's individual perception using Likert scale. As a result, 13 parameters out of 21 are classified as Good level of ISA. General score as representation of all parameters is 81.07 percent. It indicates that MRTHE's employee has performed positive knowledge, attitude, and behavior on information security. To enhance quality of measurement, this study conducts three hypotheses that actualized relationship among each variable. Since their relationships are proven empirically using regression linear examination, these hypotheses are acceptable. It reflects that on information security, knowledge has good influence to attitude and behavior while attitude also has good influence to behavior. Hence, MRTHE can initiate improvement of information security using programs with knowledge-based.