Our SIGCSE Virtual publication, Validation of an Instrument to Measure Self-Efficacy in Information Security, is now available for your reading pleasure. This paper, written by Joe Tise (IACE) and Monica McGill (IACE) was published at the first SIGCSE Virtual conference in 2024.
In this study, we investigated the underlying factor structure of a new self-efficacy for Information Security measure.
Given the K-12 Cybersecurity Education Framework is comprehensive, we scoped this instrument for measuring self-efficacy in Information Security
to focus specifically on Information Security for high school students. As a first step in our measure-development process, we tested the instrument with undergraduate students to gather preliminary evidence of validity based on internal structure (American Educational Research Association et al., 2014). Our future study will further test the instrument with high school students.
The Framework has five topics associated with InfoSec: CIA Triad, Access Control, Data Security, Threats & Vulnerabilities, and Cryptography. The CIA triad considers Confidentiality, Integrity, and Availability of information in a system.
We created the self-efficacy instrument by applying best-practice recommendations from the literature (Bandura, 2006). This included input from experts who provide professional development to teachers on how to teach infosec and who teach cybersecurity to students.
In total, we created a set of five scales composed of 37 items. We tested the instrument with undergraduate students (n=190). Participants were asked to rate their confidence in their abilities to do each stated action from 1 (Cannot do at all) to 7 (Highly certain can do). The internal reliability of the measure was very strong (alpha=0.99).
Upon model convergence in the exploratory factor analysis (EFA), we examined fit statistics for each of five alternative models (1-factor model to a 5-factor model). After examining the results, we found the four factor solution provided the best balance among total variance explained, distinct factors, overall model fit, and interpretability. Using this method, we pared the measure down from 37 items to 14 items so as to not overburden participants. We plan on retesting this with high school students in the future through confirmatory factor analysis.
You can read our paper here, and our new instrument is also now posted on our website.
Tise, J. C., & McGill, M. M. (2024, December). Validation of an Instrument to Measure Self-Efficacy in Information Security. In Proceedings of the 2024 on ACM Virtual Global Computing Education Conference V. 1 (pp. 214-220).
References
American Educational Research Association, American Psychological Association, & National Council on Measurement in Education. (2014). Standards for Educational and Psychological Testing. American Educational Research Association.
Bandura, A. (2006). Guide for constructing self-efficacy scales. In F. Pajares & T. Urdan (Eds.), Self-efficacy Beliefs of Adolescents (Issue 1, pp. 307–337). Information Age.