Analysis of “Evaluation of Cybersecurity Culture and Awareness Scale (ECSCAS)” based on Polychotomous models of Item Response Theory (IRT)

Document Type : Original Research Article


Department of Psychology, Human Science Faculty, Islamic Azad University, Saveh Branch, Iran.


Recently, many private companies and government organizations worldwide have been facing the problem of cyber-attacks and the risk of wireless communication technologies. Today's world is highly dependent on electronic technology, and protecting this data against cyber-attacks is challenging. The goal of cyber-attacks is to harm companies financially, and in some cases, these attacks can have military or political goals. Therefore, the present research was conducted quantitatively to analyze the evaluation of cybersecurity culture and awareness scale in 2022 among the employees of the country bank. The statistical sample was 841 employees of bank branches. The research instrument was the "Evaluation of Cybersecurity Culture and Awareness" scale (2022), and the GRM model (common model in IRT for polychotomous data analysis) was used to analyze the data. The findings showed that all 34 items in this scale have a discriminative index, awareness index, and appropriate ability level in the target sample. Also, the highest level of awareness was between +1 and +2, and the maximum total awareness was equal to 70, which showed the desirability of the entire scale level. Examining the status of bank employees in relation to the culture and awareness of cybersecurity also showed that the status of bank employees is suitable in all 6 effective factors in promoting the culture and awareness of cybersecurity. Therefore, by using this tool, it is possible to measure the level of cybersecurity culture and awareness. In line with that, the necessary training and strategies can be carried out to improve and upgrade the existing situation in public and private organizations.


Main Subjects

[1] Y. Li. and Q. Liu, “A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments”, Energy Reports. vol. 1, no. 7, pp. 8176-8186, 2021, doi:
[2] A. Alzubaidi, “Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia”, Heliyon. vol. 1, no. 7(1), pp. e06016, 2021, doi:
[3] JV. Bino, “Cyber Security Awareness by Using Social Media Platforms Among Students”, International Journal of Research (IJR), vol. 8, no. 5, pp. 581-589, 2021, [Online]. Available:
[4] AI. Al-Alawi. and AS. Al-Bassam, “Assessing The Factors of Cybersecurity Awareness in the Banking Sector”, Arab Gulf Journal of Scientific Research. vol. 37, no. 4, pp. 17-32, 2019, doi:  
[5] K. W. HOE, "Culture and cyber security: How cultural tightness-looseness moderates the effects of threat and coping appraisals on mobile cyber hygiene," Doctoral dissertation, Singapore Management University, 2021. [Online]. Available:
[6] M. Sahraei., M. valavi., B. bayat. and A. Taraghi, “Provide a native model of cyber monitoring, monitoring and alerting based on the ooda cycle”, National Security, vol. 10, no. 37, pp. 473-512, 2020. [Online].  Available: (in Persian).
[7] F. Tavakoli., M. Mortazavi. and M. Keshavarztork, “Determining Strategic Factors Affecting the Prevention of Cybercrime with Fuzzy Delphi Approach”, Journal of Social Order, vol. 12, no. 4, pp.113-140, 2021. [Online]. Available: (in Persian).
[8] I. Progoulakis., N. Nikitakos., P. Rohmeyer., B. Bunin., D. Dalaklis., S. Karamperidis, “Perspectives on cyber security for offshore oil and gas assets”, Journal of Marine Science and Engineering. vol. 9, no. 2, pp.112, 2021, doi:
[9] D. Papatsaroucha., Y. Nikoloudakis., I. Kefaloukos., E. Pallis., E. Markakis, “A Survey on Human and Personality Vulnerability Assessment in Cyber-security: Challenges, Approaches, and Open Issues”, arXiv preprint arXiv:2106.09986, 2021. doi:
[10] B. Uchendu., JR. Nurse., M. Bada., S. Furnell, “Developing a cybersecurity culture: Current practices and future needs”, Computers & Security. vol. 1, no. 109, pp. 102387, 2021, doi:  
 [11] A. Georgiadou., S. Mouzakitis. and D. Askounis, “Working from home during COVID-19 crisis: a cyber security culture assessment survey”, Security Journal, vol. 35, no. 2, pp. 1-20, 2021, doi:
[12] A. Georgiadou, S. Mouzakitis, and D. Askounis, "Detecting Insider Threat via a Cyber-Security Culture Framework," Journal of Computer Information Systems, vol. 62, no. 4, pp. 706-716, 2022/07/04 2022, doi:   
[13] P.R. Trim, Y.I. Lee. “The global cyber security model: counteracting cyberattacks through a resilient partnership arrangement”, Big Data and Cognitive Computing, vol. 5, no. 3, pp. 32, 2021, doi:
[14] K.L. Bethel, “An Evaluation of Organizational Culture: Its Influence on Security Culture: A Case Study”, Doctoral dissertation, Northcentral University, 2020. [Online]. Available:
[15] T.A. Nguyen., K. Koblandin., S. Suleymanova and V. Volokh, “Effects of ‘Digital’Country’s Information Security on Political Stability”, Journal of Cyber Security and Mobility, vol. 12, no. 1, pp. 29-52, 2022, doi:
[16] A. Tolah., S.M. Furnell. and M. Papadaki, “An Empirical Analysis of the Information Security Culture Key Factors Framework”, Computers & Security, vol. 108, pp. 102354, 2021, doi:  
[17] S. Heydari., M. Barzegar., A. Mohammad Davoudi, “Factor structure analysis of the scale "Evaluation of cyber security culture and awareness" (case study: bank branch employees in Ahvaz city)”, Psychological Methods and Models Quarterly, vol. 14, no. 51, pp. 113-126, 2023, (In Persian)
[18] M. Ahmadi deh Ghutbuddini, E. khodai, V. Farzad, A. Moghadamzadeh and M. Kabiri, “Applying Bi-factor Multidimensional Item-response Theory Model for Dimensionality and Differential Items Functioning Analysis on Testlet-Based Tests”, Quarterly of Educational Measurement, vol. 7, no. 28, pp. 121-153, 2017, doi:, (In Persian).
[19] F. M. Lord, Applications of Item-Response Theory, translated by A. Delavar. and J. Yunesi, 2011. Tehran, Roshd Publications, 2011. (In Persian)
[20] Z. Jafari, “Cyber security”, In Proc. 7th national conference of new ideas in technology and engineering,  2021. [Online]. Available: (In Persian)
[21] MR. Eyvazi and MM. Dadashi Chekan, “Types of threats in the cyberspace and solutions to deal with them”, In Proc. second national cyber defense conference, 2019. [Online]. Available: (In Persian)
[22] N. A. A. Md Azmi, A. P. Teoh, A. Vafaei-Zadeh, and H. Hanifah, "Predicting information security culture among employees of telecommunication companies in an emerging market," Information & Computer Security, vol. 29, no. 5, pp. 866-882, 2021, doi:
[23] S. Hasan, M. Ali, S. Kurnia and R. Thurasamy, “Evaluating the cyber security readiness of organizations and its influence on performance”, Journal of Information Security and Applications, vol. 58, pp. 102726, 2021, doi:
[24] A. Georgiadou., S. Mouzakitis., D. Askounis, “Designing a cyber-security culture assessment survey targeting critical infrastructures during covid-19 crisis”, International Journal of Network Security & Its Applications (IJNSA) vol. 13, no. 1, pp. 33-50, 2021. [Online]. Available:
[25] K. Arbanas, M. Spremic, and N. Zajdela Hrustek, “Holistic framework for evaluating and improving information security culture”, Aslib Journal of Information Management, Vol. 73 No. 5, pp. 699-719, 2021, doi:  
[26] H. Kaviani, N. Mirsepasi and G. Me'marzadeh Tehran, “A Pattern for Strategic Development of Human Resources in the Field of Cyber Security of the Armed Forces of Islamic Republic of Iran”, Defence Studies, vol. 18, no. 1, pp. 37-66, 2020. [Online]. Available: (In Persian)
[27] Sh. Vahedi and T. Hajipoor, “Study of psychometric Properties of College Self-Efficacy Inventory among college students using confirmatory factor analysis (CFA) and Item Response Theory- (IRT)”, Quarterly of Educational Measurement, vol. 4, no. 16, pp. 173-192, 2014. [Online]. Available: (In Persian)