Developing a scale for measuring the information security awareness of stakeholders in higher education institutions

The field of information security is experiencing growing popularity within Higher Education Institutions (HEIs), reflecting the increasing recognition of its importance in safeguarding sensitive data, and mitigating cyber risks. This shift highlights the critical need for effective security practices within educational environments, where data protection and compliance are essential. Information Security Awareness (ISA) stands out as a pivotal technique in this regard; thus, measuring ISA becomes paramount for HEIs. In this work, we developed a measurement scale called the Academia InfoSec Awareness Scale (AIAS), which serves as a comprehensive tool designed to assess user ISA. Employing standard scale development procedures, we conducted five studies involving qualitative and quantitative methodologies to identify ISA dimensions and measurement items, establishing the reliability, and construct validity of the AIAS. By developing the ISA scale, we provide HEIs, practitioners, and policymakers with a valuable tool for measuring ISA among their key stakeholders. This study specifically targets key stakeholders of HEIs: students, academic staff, and non-academic staff, addressing the diverse perspectives and needs of these groups within the institution’s security landscape. Through initial Exploratory Factor Analysis (EFA), we unveiled the factor structure, which was subsequently confirmed by Confirmatory Factor Analysis (CFA), resulting in a final AIAS scale containing 16 items across five dimensions: knowledge, attitude, behavior, individual responsibility, and social influence. Identifying these dimensions provides a foundation for HEIs to develop targeted interventions that promote security awareness. Additionally, this research addresses a gap in the existing literature by investigating external influences, such as social influence and individual responsibility, on ISA. By integrating these factors, the AIAS offers a more comprehensive understanding of ISA and allows HEIs to tailor awareness programs to fit institutional needs effectively. To further evaluate the diversity of ISA perceptions within HEIs, Multigroup Analysis (MGA) was conducted, revealing significant differences among stakeholder groups. This analysis offers insights for policy development that is sensitive to user-specific requirements within HEIs, ensuring that all stakeholders’ perspectives are adequately addressed. In addition, Importance Performance Map Analysis (IPMA) highlighted critical ISA dimensions for each group, enabling policymakers and HEIs to prioritize resources towards the most impactful areas. These findings present valuable guidance for HEIs in implementing targeted, impactful security awareness interventions that foster an informed and resilient academic environment.