This paper overall aims to encourage researchers and managers to consider the role of human resource management (HRM) in the field of information security management (ISM) more seriously. This paper suggests that with more strategically active role of HRM through a combination of selection, training, and pay practices, organizations not only can manage people issues in ISM particularly security awareness and insider threats more effectively, but may be able to sustain competitive advantage of the organizations. This paper provides an initial framework and provokes thoughts on the topic for future researchers and practitioners in both ISM and HRM fields.