The development of new means to attack information systems by attacking humans accessing the systems has increased the attention given to risks related to human or social aspects of information security. However, the effect of organizational key constructs proposed in organizational and individual behavior literature on information security has not been rigorously examined. Therefore it is important to develop measurement instruments and validate them properly to empirically capture the phenomena with reliable results. In this paper we attempt to conceptualize seven constructs and their sub-dimensions toward developing a measurement instrument. This attempt is carried out through specifying the nature of each construct’s conceptual domain and surveying content domain experts on the relevance, comprehensiveness and clarity of the identified dimensions of the construct. Based on the survey results we provide a set of validated constructs and dimensions that can be used to formally specify future measurement models for investigating how organizations can influence information security behavior.