Measuring the Information Security Awareness Level of Government Employees Through Phishing Assessment

Abstract

As an important institutional element, government information security is not only related to technical issues but also to human resources. Various types of information security instruments in an institution cannot provide maximum protection as long as employees still have a low level of information security awareness. This study aims to measure the level of information security awareness of government employees through case studies at the Directorate General of ABC (DG ABC) in Indonesia. This study used two methods, behavior approach through phishing simulation and knowledge approach through a questionnaire on a Likert scale. The simulation results were analyzed on a percentage scale and compared to the results of the questionnaire to determine the level of employees' information security awareness and determine which method was the best. Results show a significant relationship between the simulation results and the questionnaire results. Among the employees who opened the email, 69% clicked on the link that led to the camouflage page and through the questionnaire, it was found that the information security awareness level of DG ABC employees was at the level of 79.32% which was the lower limit of the GOOD category.