This paper is an attempt to develop a model that explores the factors that affect the frequency of violations of information security policies (ISPs). Additionally, it examines the moderating effect of cultural attributes on the frequency of ISP violations. Does national culture affect the way managers and employees perceive and practice ISPs? If we understand why ISPs are violated, perhaps we can deter future violations before they occur. We look at three groups of factors and the impact they have on the frequency of violations of ISPs. The factors examined are 1) the individual characteristics and capabilities of employees, 2) the information security policy (ISP) itself and 3) management issues. Finally, the study examines the moderating effect of Hofstede’s cultural dimensions (uncertainty avoidance, individualism/collectivism, and power distance) on the proposed model.