Over the last decade, secondary schools have increased ICT usage in teaching and learning. The technological devices mostly belong to students and staff hence advancing the BYOD culture that makes the ability of the school to impose information security measures problematic especially with the growing number of cyber-attacks. This creates backdoor access to sensitive and personally identifiable information on students, staff and parents which if infiltrated by cyber criminals can be sold for profit or exchanged for large ransom payments. Unfortunately, secondary school teachers are yet to have comprehensive awareness of information security practices. The purpose of this paper is to provide a validated framework for information security awareness among secondary school teachers. A total of 172 respondents from 86 Kenyan secondary schools participated in this survey. The results show that the teachers lacked access to information security education and had little or no knowledge of basic information security awareness practices, roles, threats, risks and attacks, hence there is a need for a framework for information security awareness based on Endsley’s Theory of Situational Awareness. This study provides useful insights for policy and practice in the education sector on improving information security awareness of secondary school teachers.