The purpose of this study was to determine the information security awareness and behaviors that faculty and staff report. A sample of 321 participants consisting of 164 faculty and 157 staff members from a public, state university located in the Southeastern United States. The results indicate that overall, faculty and staff had high to moderate levels of information security awareness and behaviors. An independent samples t-test found that there was no significant difference in security awareness, but there were four behaviors differences between faculty and staff. Participants that reported higher levels of security policy awareness demonstrated significantly more secure behaviors in ten of the 18 items measured. Given these findings, comprehensive security awareness training will be essential for institutions of higher education as a means of minimizing threats to information technology resources.