LISA: A Scale-Optimized and Psychometrically-Validated Instrument for the Lightweight Assessment of Organizational Information Security Awareness in Heterogeneous Organizations
Lade...
Datum
Autor:innen
Betreuer/Gutachter
Weitere Beteiligte
Beteiligte Institutionen
Herausgeber
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Lizenz
Zitierlink
Zusammenfassung
Human factors are central to an organization’s information security. Information Security Awareness (ISA) is a key construct in behavioral and organizational models explaining employees’ security compliance. However, existing ISA measures often lack theoretical grounding, psychometric rigor, and organizational relevance, or are too lengthy and complex for practical application. These shortcomings hinder empirical testing of behavioral models and the integration of ISA as a variable in organizational research. This paper introduces the Lightweight Information Security Awareness (LISA) scale – the first theory-based, psychometrically validated, and cross-language scale for efficiently assessing ISA in heterogeneous organizational contexts, balancing measurement precision with practical feasibility. Validation involved 1,182 participants from survey panels and 579 employees of a large German university hospital, representing a heterogeneous workforce. LISA demonstrates high internal consistency, measurement invariance across English and German, and strong construct and ecological validity. By correlating LISA with 11 enablers and barriers of organizational information security and differentiating it by a heterogeneous workforce in a hospital context, we demonstrate its ability to support both scientific investigations and practical assessments. LISA provides a quick, reliable, valid, and practical solution for measuring organizational ISA, ultimately offering researchers and practitioners without psychometric expertise a validated tool that is applicable in both behavioral models and everyday organizational environments.Verknüpfung zu Publikationen oder weiteren Datensätzen
Beschreibung
Anmerkungen
Accepted for publication in: 2026 IEEE Symposium on Security and Privacy (SP).