The Development of Cybersecurity Awareness Measurement Model in the Water Sector


  • Bryan S. Mufor Postgraduate School of Engineering Management, Department of Electrical Engineering Science, University of Johannesburg, South Africa
  • Annlizé Marnewick University of Johannesburg, South Africa
  • Suné von Solms University of Johannesburg, South Africa



cybersecurity, awareness, critical infrastructure


:Cyber-attacks are one of the main threats to information systems, and humans have been identified as the weakest link with regards to information security. This study aims to develop a measurement instrument to evaluate the level of cyber security awareness (CSA) in the water sector in South Africa. There are lots of synergies with regards to cyber system usage across industries, and as a result this study will take a broad base approach in configuring an instrument that can be used to adequately assess the sample space in question. Having a reliable instrument to measure cyber security awareness helps mitigate the failed attempts at preparing employees for imminent cyber disruptions by pin-pointing areas where the training is needed before campaigns can be organised. This study will show that the psychology of employees with respect to cyber security awareness is compartmentalised into three traits: knowledge, attitude, and behaviour. These three traits were assessed under the following eight focus areas to check employee resilience to cyber security: IS policy adherence, Password management, Email use, Internet use, social media use, mobile devices, information handling, and incident reporting. In practice, employees will be required to answer questions formulated under these focus areas to the evaluate their cyber security awareness (CSA) level. The model proposed in this paper was developed to test cybersecurity awareness in the water sector, but can be utilised in other sectors for cybersecurity awareness testing.