RSAM: A Questionnaire for Ransomware Security Awareness Measurement

Today ransomware is a significant security threat to both organizations and humans in the e-commerce and digital era. Poor human security awareness is a critical vulnerability that increases the risk of ransomware attacks. To protect against ransomware, an established and effective strategy is to improve the security awareness of employees and users about ransomware. To implement this strategy, in the first step, it is vital to measure the ransomware awareness of the users and, next, try to enhance the level of awareness through education, training, and knowledge sharing about the attack. To our best knowledge, there does not exist any questionnaire specially designed to assess ransomware awareness. In this paper, a novel questionnaire development process is presented and applied to produce a questionnaire for measuring security awareness about ransomware called RSAM. The Persian version of the questionnaire (RSAM-P) is developed and validated using a sample of 216 participants completing the questionnaire. The reliability and validity testing of the RSAM-P indicate that the questionnaire consisting of 21 questions is effective and reliable in assessing ransomware awareness. Moreover, in this paper, RSAM-E, the English version of the RSAM, is presented.