  • Degree thesis

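A Survey of the Cybersecurity Awareness of Agency Records and Information Staff Regarding Records Management Systems: The Case of Taoyuan City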

An Investigation on Cybersecurity Awareness of Record Management and Information Staff Related to the ERMS : Taoyuan City as an Example

Advisor: 林巧敏
This thesis will be available for download on 2024/07/13.

Abstract


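Taiwan has promoted information and communication security policy for many years, including legislation and the establishment of mechanisms; however, cybersecurity issues are closely tied to the day-to-day work of agency staff. As electronic documents and records accumulate, government agencies must also face constantly evolving security threats. Within the records management system, information staff are responsible for the agency's overall planning, while records staff serve in a key front-line role. The purpose of this study is to develop a questionnaire that can assess the cybersecurity awareness of agency records staff and information staff, and to survey and analyze the current state of, and differences in, their cybersecurity awareness regarding the records management system.

The study first designed the initial assessment items on the basis of a review of domestic and international literature and consideration of the Taiwanese context. It then used the Delphi method, consolidating two rounds of opinions from archival scholars and information scholars, to build the "Cybersecurity Awareness Assessment Questionnaire", and confirmed good reliability and validity through Cronbach's α coefficients and confirmatory factor analysis. Next, a questionnaire survey was conducted using purposive sampling and snowball sampling; the respondents were information staff and records staff of first-level local agencies in Taoyuan City, and the questionnaire covered two dimensions: "cognitive importance" and "organization achievement level".

In the stage that established the content of the cybersecurity awareness assessment, the results showed: (1) scholars and experts from different backgrounds have a high degree of consensus on cybersecurity awareness; (2) 10 aspects of cybersecurity awareness assessment were established: "account management" (6 items), "access control" (10 items), "system protection" (9 items), "mobile safety" (2 items), "internet behavior" (7 items), "electronic exchange" (5 items), "physical security" (14 items), "backup" (5 items), "adherence to policies" (6 items) and "incident notification" (3 items), for a total of 67 items.

In the stage that surveyed and analyzed cybersecurity awareness, the results showed: (1) overall cybersecurity awareness is positive and tends toward consistency; (2) in the awareness level of agency records and information staff, the "cognitive importance" dimension scores slightly higher than the "organization achievement level" dimension, and there is a significant positive correlation between the two dimensions and among the aspects; (3) only about 5% of agency records and information staff are unclear about the degree to which their agency complies in its information security operations; (4) age is one of the important factors affecting the level of cybersecurity awareness, and staff over 40 years old have a higher level of awareness than staff aged 40 or under; (5) whether staff have received education and training is one of the important factors affecting the level of cybersecurity awareness: those who have received education and training have a higher level of awareness than those who have not, and this is not limited to information-related training; (6) job role has no effect on the level of cybersecurity awareness, and differences appear only in individual aspects, where information staff (excluding outsourced staff) have a relatively high level of awareness while document staff and outsourced staff have a relatively low level; (7) years of service have no effect on the overall level of cybersecurity awareness, and differences appear only in individual aspects, where staff with at least 5 but fewer than 10 years of service have a relatively low level of awareness.

The "Cybersecurity Awareness Assessment Questionnaire" established by this study can be used by agencies when assessing the cybersecurity awareness of their staff, and the survey results can serve as a reference for agencies planning cybersecurity education and training.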

Parallel Abstract


Information and communications technology security policies have been promoted for several years. However, the people within an organization, its employees, are seen as a critical factor in sound security implementation and should take their role seriously. With the increasing popularity of Electronic Records Management Systems (ERMS), record management and information staff have become an integral part of the process. The purpose of this research is to develop an assessment questionnaire, covering two dimensions (cognitive importance and organization achievement level), that can assess the cybersecurity awareness of record management and information staff, and to compare these two groups.

The study had a two-stage mixed-method design. First, the Delphi method, with two rounds of consensus building, was used to determine the questionnaire's content. Second, a questionnaire survey was used to collect research data from local authorities in Taoyuan City.

In the first stage, the results indicated: (1) scholars and experts from different backgrounds have a high consensus on cybersecurity issues; (2) 10 mutually related aspects with 67 scale items were identified: account management, access control, system protection, mobile safety, internet behavior, electronic exchange, physical security, backup, adherence to policies and incident notification.

In the second stage, the results indicated: (1) overall information security awareness is positive and consistent; (2) the score on the cognitive importance dimension is slightly higher than the score on the organization achievement dimension, and there is a significant positive correlation between the 2 dimensions and 10 aspects; (3) only about 5% are unclear about the degree of compliance of agencies in information security operations; (4) people over 40 years old have a higher level of information security awareness than people under 40 years old; (5) people who have received education and training from government agencies have a higher level of information security awareness than people who have not, though this is not limited to information-related training; (6) there is no considerable difference in cybersecurity awareness among different job backgrounds overall, with differences reflected only in individual aspects; (7) there is no considerable difference in the overall level of information security awareness among staff with different years of service.

Government agencies could use the assessment questionnaire established by this study when conducting personnel security awareness assessments, and, based on the findings of the study, some suggestions are provided for government agencies planning information security education and training.
