The success of an information security program is heavily dependent upon actions of organizational members that interact with the program. Because of this interaction an appropriate information security culture is required to influence and control the actions of members within that organization. There has been limited research conducted that assists organizations in understanding security culture and what influences it within the organization. To expand the body of knowledge, this study examines the security culture of a large organization that employs information systems for strategic advantage. The study follows qualitative case study methodology. Structuration theory is used as a theoretical basis to better understand how norms and allocation of power influence the actions of organizational members. Additionally, the study also explores how actions of these members in turn influence social structures within the context of security culture.