Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that experts offer to end-users in order to construct a set of Likert scale questions to probe the extent to which respondents claim to follow this advice.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Security Behavior Intentions Scale | NEW | yes | none | multiple rounds of validation and statistics | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | ||
| Privacy Concerns Scale | Buchanan et al., 2007 | no | none | none | no | ||
| Westin Index | Kumaraguru, 2005 | no | none | none | no | ||
| Internet users' information privacy concerns (IUIPC) | Malhotra et al., 2004 | no | none | none | no | ||
| Domain-Specific Risk-Taking Scale | Blais, 2006 | no | none | none | no | ||
| General Decision-Making Style | Scott, 1995 | no | none | none | no | ||
| Need for Cognition | Cacioppo et al., 1984 | no | none | none | no | ||
| Barratt Impulsiveness Scale | Patton, 1995 | no | none | none | no | ||
| Consideration for Future Consequences | Joireman et al., 2012 | no | none | none | no |
Serge Egelman and Eyal Peer. Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS). In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, CHI '15, 2873–2882. New York, NY, USA, 2015. ACM. doi:10.1145/2702123.2702249.
@inproceedings{egelman_scaling_2015,
abstract = {Despite the plethora of security advice and online education materials offered to end-users, there exists no standard measurement tool for end-user security behaviors. We present the creation of such a tool. We surveyed the most common computer security advice that experts offer to end-users in order to construct a set of Likert scale questions to probe the extent to which respondents claim to follow this advice. Using these questions, we iteratively surveyed a pool of 3,619 computer users to refine our question set such that each question was applicable to a large percentage of the population, exhibited adequate variance between respondents, and had high reliability (i.e., desirable psychometric properties). After performing both exploratory and confirmatory factor analysis, we identified a 16-item scale consisting of four sub-scales that measures attitudes towards choosing passwords, device securement, staying up-to-date, and proactive awareness.},
address = {New York, NY, USA},
author = {Egelman, Serge and Peer, Eyal},
booktitle = {Proceedings of the 33rd {{Annual ACM Conference}} on {{Human Factors}} in {{Computing Systems}}},
doi = {10.1145/2702123.2702249},
isbn = {978-1-4503-3145-6},
pages = {2873--2882},
publisher = {{ACM}},
series = {CHI '15},
shorttitle = {Scaling the {{Security Wall}}},
title = {Scaling the {{Security Wall}}: {{Developing}} a {{Security Behavior Intentions Scale}} ({{SeBIS}})},
year = {2015}
}