Information security awareness measurement with confirmatory factor analysis

One of information security management elements is information security awareness program. Usually, this programs only involve the employees within the organization. Some organizations also consider security awareness for some parties outside the organization like providers, vendors, and contractors. This paper add consumers as variable to be considered in information security awareness program as there are also some threats for organization through them. Information security awareness will be measured from user's knowledge and behavior of five information security focus areas in telecommunication, especially related with smartphone users as one segment of telecommunication provider. In other researches, information security measurement from outside an organization is focused in Internet use by end-user. In telecommunication industry, information security threats for consumers not only from Internet, but also by phone call or texting. This research used CFA for data analysis method. The result showed that the indicators of knowledge dimension is not good enough to measure dimensions of knowledge where most of them are not significant. Meanwhile, behavior dimension gave different result with high significant value for measuring security awareness level. Indicators of behaviour dimension is good for measuring dimension of behaviour because only one indicator that isn't significant.