Analysis of Information Security Awareness Levels Using Multiple Criteria Decision Analysis

Abstract

The rapid growth of digital transaction applications has transformed financial activities and increased reliance on electronic payment systems. However, the widespread use of these platforms also exposes users to various information security threats, including phishing, malware, and social engineering attacks that often exploit human vulnerabilities. Despite the increasing adoption of digital financial services, the level of information security awareness among users remains a critical issue that requires systematic evaluation. This study aims to measure and analyze the level of information security awareness among digital transaction application users in Surabaya. This research employs a quantitative approach using Multiple Criteria Decision Analysis (MCDA) integrated with the Knowledge, Attitude, and Behavior (KAB) model. The assessment framework is based on the Human Aspects of Information Security Questionnaire (HAIS-Q), which includes seven focus areas: password management, email usage, internet usage, social media usage, device usage, information handling, and incident reporting. Data were collected through an online questionnaire distributed to digital transaction users in Surabaya, resulting in 102 valid respondents. The results indicate that most focus areas fall into the low awareness category, including password management (53.73%), email usage (23.44%), internet usage (15.99%), social media usage (47.34%), device usage (47.63%), and incident reporting (45.57%). Only the information handling dimension reached a moderate awareness level with a score of 78.17%. These findings highlight the need for improved cybersecurity education and awareness programs to encourage safer digital transaction practices.