

Information security


Measuring the awareness level of employees is a challenge. Click rates on phishing emails or metrics from IT and IT security say very little about people's actual behavior in all kinds of cybersecurity-relevant situations.

Research in this area comes almost exclusively from psychology and sees two possibilities for measurement:
- Monitoring employees and observing their actual behavior, which no one wants to do outside of research scenarios.
- The recording of behavior via people's self-assessment, i.e. through questionnaires or interviews.

There are numerous tested questionnaires from the field of psychology, which are notable for the fact that they ask the same questions several times in different ways in order to iron out the known biases of questionnaires (poorly asked or misunderstood questions, self-representation of the respondents and so on). These questionnaires all have one additional thing in common: they are very long and are therefore rarely used in reality.

This is why we at UZH use a newly developed measurement method that combines questionnaires and metrics, thus reducing the burden on employees caused by excessively long questionnaires and shifting it to the preparation time for the measurement. The measurement also provides more accurate results, which has a positive impact on the measures planned for the future.

In the long term, cybersecurity awareness aims to establish a security culture.

Further Information

Guilds for Networking and for Coordinating Awareness Measures

If you have any questions, please contact your representative in the guild.