Hardware and software security mechanisms are widely used to strengthen information systems (IS) against attacks. However, these systems are still highly vulnerable to threats from users' undesirable behaviors, which are closely related to IS users' information security awareness. This study has been carried out in an effort to investigate the IS users' risky behaviors that may threaten information security. The preventive actions employed by users, the threats they may be exposed to, or whether they had an adverse experience or to what extent they perceive risks have also been investigated. Four scales: Risky Behavior Scale (RBS), Conservative Behavior Scale (CBS), Exposure to Offence Scale (EOS) and Risk Perception Scale (RPS), were developed depending on the data collected with the use of surveys. The scales developed from the content of the survey were applied to students, academics and administrative staff of a university, which also embodies hospitals and educational organizations located in different geographical and socio-economical regions of Turkey. On the base of developed scales, the results of the study show that there are significant differences within samples and according to the habits of Internet usage. (C) 2015 Elsevier Ltd. All rights reserved.