LISA: A Scale-Optimized and Psychometrically-Validated Instrument for the Lightweight Assessment of Organizational Information Security Awareness in Heterogeneous Organizations

Abstract

Human factors are central to an organization’s information security. Information Security Awareness (ISA) is a key construct in behavioral and organizational models explaining employees’ security compliance. However, existing ISA measures often lack theoretical grounding, psychometric rigor, and organizational relevance, or are too lengthy and complex for practical application. These shortcomings hinder empirical testing of behavioral models and the integration of ISA as a variable in organizational research. This paper introduces the Lightweight Information Security Awareness (LISA) scale – the first theory-based, psychometrically validated, and cross-language scale for efficiently assessing ISA in heterogeneous organizational contexts, balancing measurement precision with practical feasibility. Validation involved 1,182 participants from survey panels and 579 employees of a large German university hospital, representing a heterogeneous workforce. LISA demonstrates high internal consistency, measurement invariance across English and German, and strong construct and ecological validity. By correlating LISA with 11 enablers and barriers of organizational information security and differentiating it by a heterogeneous workforce in a hospital context, we demonstrate its ability to support both scientific investigations and practical assessments. LISA provides a quick, reliable, valid, and practical solution for measuring organizational ISA, ultimately offering researchers and practitioners without psychometric expertise a validated tool that is applicable in both behavioral models and everyday organizational environments.