The concept that central management policies represent the best thinking and model behavior for the operation of the system drives its use in a corporate environment. The majority of home and small business personal computers are operated under conditions that are not governed by a central management policy. Security is still an important aspect to be maintained even if the environment is devoid of central management policies. Responsibility for keeping a system up-to-date falls upon the owner or operator of the system. The desire to maintain an appropriate security posture is based on numerous factors including the user’s perception of risk. The development of a model based on the theory of planned behavior, technology acceptance model, and the unified theory of acceptance and use of technology with additional factors for risk is proposed to address this gap in existing theory. This model will lead to a better understanding of user actions with respect to maintaining security on personal computers in an unmanaged setting.