Measurement of Employee Information Security Awareness: A Case Study of National Civil Service Agency

Abstract

National Civil Service Agency is a State institution tasked with the role and function of overseeing and implementing national civil servant management using information technology. There are 4.2 million civil servant data distributed throughout Indonesia that must be safeguarded by BKN. As the utilization of information systems grows, it also leads to an increase in information security risks. Based on the reports from Id-SIRTII/CC and BKN's internal report, there has been an increase in cyber attacks targeting BKN. In addition, there are other types of attacks that occur, such as online defacement, phishing, DDOS, and employee data theft, as well as the presence of employees who are still indifferent to information security. Based on this, the objective of this research is to measure the level of information security awareness among BKN employees and identify the factors that influence it. The Human Aspects of Information Security Questionnaire (HAIS-Q) using the Knowledge, Attitude, and Behavior (KAB) model was selected for measurement, with an additional focus on the Management of Information Systems/Technology Assets, consisting of a total of 75 statements. The quantitative measurements conducted yielded a result of 88.80% for the level of information security awareness among BKN employees, categorized as good. Furthermore, there is a significant influence on information security awareness from the dimensions of knowledge towards attitude, attitude towards behavior, and knowledge towards behavior.