The government continually expresses concern that critical infrastructures are vulnerable to a host of electronic attacks and that people are the front line of defense. No previous academic research quantitatively measures security awareness in an organization. To accomplish this task an instrument must be developed. This study describes the development and administration of such an instrument that other studies can use to measure the level of security awareness in Information Systems staff to determine level of preparedness.