The development of Information and Communication Technologies (ICTs) is becoming very common throughout society. Therefore, it is a must to protect information assets. In addition to the technological aspect, research continues to confirm the need to enhance security awareness among employees. The objective of this study is to investigate the factors that may impact users’ practice and awareness both in the workplace. Specifically, factors such as policy, behavior, training, knowledge of IT and education were tested. In addition, the second objective of this study is to investigate the information security awareness and practice level among the employees. To achieve the study objectives, a quantitative methodology was applied; specifically a survey instrument was developed to measure if each of the key factors has a significant association within the security awareness and practice in the workplace. 202 usable surveys were collected from higher education employees and analyzed using Bivariate/Pearson Correlation to determine the relationship between the independent variable and the dependent variable. The findings of the study revealed that there was a positive correlation between policy, behavior, training, knowledge of IT and education with security awareness and practice These results indicated that security awareness and practice level of employees' in the workplace at the middle level. It is hoped that the present study provides an initial step to focus on security training sessions among higher education employees to reflect new knowledge on the importance of security training to increase the knowledge of information security.