Within the context of information security (InfSec), human aspects have been receiving particular attention in research studies and business practices because of the fundamental role of the users. The objective of this research-in-progress is to develop a theoretical model of how human factors such as behavior with InfSec, familiarity with policies and procedures, awareness, organizational environment, and work conditions, contribute to InfSec breaches. The proposed model will be applied through interviews with CIO, multiple case studies and a survey of information system users in some South American countries and the USA. The sample will consist of end users of integrated web information systems (IS) in large organizations. An instrument will be designed and validated using qualitative and multivariate techniques. This research is intended to contribute towards identifying and managing the impact of human aspects on InfSec breaches.