MAJOR ASSIGNMENT (SUBMITTED BY 2017SMF6685)

HUMAN ASPECTS IN INFORMATION SECURITY

ASSESSMENT REPORT
1. Data Analysis
(a) Before Reverse Scoring:
The Summary of 150 respondents who answered on a Likert Scale (1-5), with 1 being Strongly
Disagree & 5 being Strongly Agree, to the survey is shown below in categories of Knowledge,
Attitude & Behavior. The questions Q1, Q2, Q3 etc. above for every focus area corresponds to the
HAIS-Q which also reflects in the survey. The numbers represent the number of respondents for the
respective score on the Likert Scale. It is to be noted that question Q2’’ in the Behavior aspect which
is “I share my work passwords with colleagues” was missing in the survey link.

Questions of Survey mapped with the HAIS questionnaire/framework alongwith Nos. of Respondents for
every answer (1-5 on Likert Scale with 1(Strongly Disagree) & 5 (Strongly Agree))

Que. as Respondents Que. as Respondents for Que. as Respondents

Sr.
Focus Areas per for Knowledge per Attitude (Likert per for Behaviour
No.
HAIS-Q (Likert Scale) HAIS-Q Scale) HAIS-Q (Likert Scale)

1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
Q1 74 39 13 14 7 Q1' 81 45 10 8 3 Q1'' 10 6 14 58 59
1 Password Management Q2 82 38 10 14 2 Q2' 13 15 16 37 65 Q2''
Q3 3 3 19 46 75 Q3' 58 54 22 8 4 Q3'' 3 8 11 44 80
Q1 24 31 29 50 11 Q1' 30 54 31 21 8 Q1'' 5 26 22 60 32
2 Email use Q2 7 31 24 41 43 Q2' 83 42 13 4 4 Q2'' 39 52 16 29 10
Q3 46 27 20 41 11 Q3' 12 10 16 51 57 Q3'' 6 23 26 34 57
Q1 18 21 29 57 20 Q1' 6 9 27 64 39 Q1'' 20 29 29 49 18
3 Internet use Q2 5 6 18 58 58 Q2' 6 5 11 70 52 Q2'' 27 46 26 33 12
Q3 29 50 25 27 13 Q3' 48 58 17 13 7 Q3'' 7 19 27 46 44
Q1 3 8 23 64 45 Q1' 1 3 21 61 57 Q1'' 20 38 24 47 13
4 Social networking site use Q2 27 49 39 22 6 Q2' 42 48 39 9 5 Q2'' 7 9 20 68 39
Q3 42 51 19 23 7 Q3' 8 7 13 58 57 Q3'' 61 53 11 11 6
Q1 21 39 36 13 14 Q1' 74 44 17 4 4 Q1'' 84 42 9 5 3
5 Mobile computing Q2 46 42 23 26 6 Q2' 7 7 18 53 58 Q2'' 51 40 26 20 5
Q3 3 5 21 47 67 Q3' 4 8 14 59 58 Q3'' 3 5 22 67 46
Q1 58 52 13 14 4 Q1' 61 57 13 6 4 Q1'' 3 1 13 60 65
6 Information handling Q2 3 4 18 46 71 Q2' 71 47 18 5 1 Q2'' 3 4 20 41 74
Q3 56 53 20 10 3 Q3' 8 4 12 54 64 Q3'' 57 57 16 4 8
Q1 1 1 27 60 53 Q1' 49 69 17 4 3 Q1'' 4 4 24 75 35
7 Incident reporting Q2 10 14 19 63 36 Q2' 47 72 19 3 1 Q2'' 36 63 32 9 2
Q3 35 49 31 22 4 Q3' 8 10 14 67 43 Q3'' 6 2 21 65 48

Here, it becomes necessary to do Reverse Scoring for many questions which are negative in nature as
true insights can be drawn only if the all the questions are positive in nature. Reverse Scoring
essentially involves changing the answers having 5 score to 1 score, 4 score to 2 score and vice-versa.
(b) After Reverse Scoring:
The Reverse Scoring is carried out for the questions which are shaded in the table below. Hence, it is
kept blank. After the Reverse Scoring, the average of respondents who answered in each focus area

Page 1 of 3
 for every Likert Scale score is calculated. The sum of these average values equals the total nos. of
respondents. This is followed by calculation of percentage of every average respondent values for
every focus area across categories. The sum of these percentages equal 100%. The Overall average
and percentage in categories of Knowledge, Attitude & Behavior for all Likert Scale scores (1-5) is
also calculated at the end which reflects the overall scenario.

Questions of Survey mapped with the HAIS questionnaire/framework alongwith Nos. of Respondents for every answer (1-
5 on Likert Scale with 1(Strongly Disagree) & 5 (Strongly Agree))
Sr. Que. as Que. as Que. as
Respondents for Respondents for Respondents for
No Focus Areas per per per
Knowledge (Likert Scale) Attitude (Likert Scale) Behaviour (Likert Scale)
. HAIS-Q HAIS-Q HAIS-Q
1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
Q1 7 14 13 39 74 Q1' 3 8 10 45 81 Q1'' 10 6 14 58 59
Q2 2 14 10 38 82 Q2' 13 15 16 37 65 Q2''
Password Q3 3 3 19 46 75 Q3' 4 8 22 54 58 Q3'' 3 8 11 44 80
1
Management Average 4 11 14 41 77 Average 7 11 16 46 68 Average 7 7 13 51 70
Percent Percent Percent
age 3% 7% 10% 28% 52% age 5% 7% 11% 31% 46% age 5% 5% 9% 34% 47%
Q1 11 50 29 31 24 Q1' 8 21 31 54 30 Q1'' 5 26 22 60 32
Q2 7 31 24 41 43 Q2' 4 4 13 42 83 Q2'' 10 29 16 52 39
Q3 11 41 20 27 46 Q3' 12 10 16 51 57 Q3'' 6 23 26 34 57
2 Email use
Average 10 41 25 33 38 Average 8 12 20 49 57 Average 7 26 22 49 43
Percent Percent Percent
age 7% 28% 17% 22% 26% age 5% 8% 14% 34% 39% age 5% 18% 15% 33% 29%
Q1 20 57 29 21 18 Q1' 6 9 27 64 39 Q1'' 18 49 29 29 20
Q2 5 6 18 58 58 Q2' 6 5 11 70 52 Q2'' 12 33 26 46 27
Q3 13 27 25 50 29 Q3' 7 13 17 58 48 Q3'' 7 19 27 46 44
3 Internet use
Average 13 30 24 43 35 Average 7 9 19 64 47 Average 13 34 28 41 31
Percent Percent Percent
age 9% 21% 17% 30% 24% age 5% 6% 13% 44% 32% age 9% 23% 19% 28% 21%
Q1 3 8 23 64 45 Q1' 1 3 21 61 57 Q1'' 13 47 24 38 20
Q2 6 22 39 49 27 Q2' 5 9 39 48 42 Q2'' 7 9 20 68 39
Social networking Q3 7 23 19 51 42 Q3' 8 7 13 58 57 Q3'' 6 11 11 53 61
4
site use Average 6 18 27 55 38 Average 5 7 25 56 52 Average 9 23 19 53 40
Percent Percent Percent
age 4% 13% 19% 38% 26% age 3% 5% 17% 39% 36% age 6% 16% 13% 37% 28%
Q1 21 39 36 13 14 Q1' 4 4 17 44 74 Q1'' 3 5 9 42 84
Q2 6 26 23 42 46 Q2' 7 7 18 53 58 Q2'' 5 20 26 40 51
Q3 3 5 21 47 67 Q3' 4 8 14 59 58 Q3'' 3 5 22 67 46
5 Mobile computing
Average 10 24 27 34 43 Average 5 7 17 52 64 Average 4 10 19 50 61
Percent Percent Percent
age 7% 17% 20% 25% 31% age 3% 5% 12% 36% 44% age 3% 7% 13% 35% 42%
Q1 4 14 13 52 58 Q1' 4 6 13 57 61 Q1'' 3 1 13 60 65
Q2 3 4 18 46 71 Q2' 1 5 18 47 71 Q2'' 3 4 20 41 74
Information Q3 3 10 20 53 56 Q3' 8 4 12 54 64 Q3'' 8 4 16 57 57
6
handling Average 4 10 17 51 62 Average 5 5 15 53 66 Average 5 3 17 53 66
Percent Percent Percent
age 3% 7% 12% 35% 43% age 3% 3% 10% 37% 46% age 3% 2% 12% 37% 46%

Q1 1 1 27 60 53 Q1' 3 4 17 69 49 Q1'' 4 4 24 75 35
Q2 10 14 19 63 36 Q2' 1 3 19 72 47 Q2'' 2 9 32 63 36
Q3 4 22 31 49 35 Q3' 8 10 14 67 43 Q3'' 6 2 21 65 48
7 Incident reporting
Average 5 13 26 58 42 Average 4 6 17 70 47 Average 4 5 26 68 40
Percent Percent Percent
age 3% 9% 18% 40% 29% age 3% 4% 12% 49% 33% age 3% 3% 18% 48% 28%
Overall Overall Overall
OVERALL Average 8 21 23 45 48 Average 6 9 19 56 58 Average 7 16 21 53 51
AVERAGE & Overall Overall Overall
PERCENTAGE Percent Percent Percent
age 6% 14% 16% 31% 33% age 4% 6% 13% 38% 39% age 5% 11% 14% 36% 34%
Note: Here shaded values are expressed as Reversed Scoring as the corresponding questions are negative

Page 2 of 3
The Overall Percentage of respondents in categories of Knowledge, Attitude & Behavior for Strongly
Disagree, Disagree, Neutral, Agree and Strongly Disagree across all the seven focus areas is depicted
below in the bar chart.

(c) Representativeness of Respondents:

The respondents of the survey belong to diverse cultures and different regions of the country like
Gujarat, Bangalore, Kolkata, Delhi etc. Also, they have different educational backgrounds of PhD,
Post-graduation and Under-graduation and have done specialisations like Marketing, Political
Science, IT, HRM, Computer Science, Economics etc. The Gender ratio of 80:20 (Male: Female) is
moderately fair.

The industry/ sectors where they had worked are diverse domains like ITES, Manufacturing, BPO,
Education, Healthcare, Infrastructure, consumer electronics, Telecom, Fintech etc. In terms of work
experience in years, maximum are having around 3 years of experience and the range is wide enough
from 0 months till around 30 years. Thus the respondents can be considered fairly representative of the
Human aspects in Information security at the organisation.

2. The Action Plan

As seen in the analysis table, the % of respondents in the 3 focus areas of E-mail use, Internet use
and Social Networking Site are least on the Likert Sale Score of 5, which represents Strongly Agree.
The figures are in the range of 24-26% in the Knowledge Category, 32-39% in the Attitude Category
and 21-29% in the Behavior Category. Hence, Training and counselling needs to be given to the
employees of the organisation with prime importance to these 3 focus areas.

Also, they lack more in the Knowledge and Behavior Category which implies that sufficient awareness
and monitoring needs to be carried out to ensure that they implement the security measures once they
are made aware. Repeated nudges and periodic online tests linked with small incentives like prizes,
coupons can also be of great utility.

As shown in the graph above, at the aggregate level of all focus areas, the % for Strongly Agree +
Agree, which indicates fair information security, hovers around 64%, 77% and 70 % for Knowledge,
Attitude and Behavior respectively. Hence, awareness programme coupled with occasional
monitoring should be sufficient enough to address information security concerns related to human
aspects and there is no need of extreme actions like warnings, penalties, suspensions, sacking etc.

Page 3 of 3