Information security policy effectiveness relies on how well an individual employee can follow the specified instruction described in security policies. The actual taking place of such compliance behavior is determined by individuals’ willingness and capability of performing such behavior. In this study, we used psychological ownership to represent the driver of willingness and self-efficacy to represent individuals’ capability belief. In addition to understanding the impacts of these two variables on compliance behavior, we also explore their antecedents. Data collected from 234 employees in organizations with specific security policies were used to examine the proposed hypotheses. We confirmed the positive impact of selfefficacy but, surprisingly, found the negative impact of psychological ownership. Such a result generates some interesting implications for researchers and practitioners.