The purpose of this research is to improve the overall security of an organization by better understanding user behavior. The focus is on risk assessment of user behavior where in we will assess how users currently assess risks and how to educate them to better understand some of the risks of their online behavior. To this end, we are conducting a survey of a random sample from the university population. This survey will help researchers and campus policy makers better understand the factors that make faculty, staff, and students vulnerable to phishing attacks.