Security awareness and its implementation within an organisation is crucial for preventing deliberate attacks or/and minimise system failures on organisation’s system especially where critical infrastructure is involved including energy, water, gas and etc. This study is based on Integrated System Theory (IST) and focuses on measuring and assessing security goals including policies, risk management, internal control and contingency management implemented in 101 organisations that operate Supervisory Control and Data Acquisition (SCADA) Systems. The data collected were analysed using structural equation modelling to test the structural and measurement model. The major finding of this study is that organisational information security goals are strongly related to the key measurement indicators, which include items assessing security policies, risk management, internal controls and contingency management.