This study extends current behavioural information security compliance research by adapting the “work-stress model” of the Job Demands-Resources model to security behaviour. The paper proposes that users’ compliance burnout and security engagement are results of coping with security demands and receiving resources respectively. Compliance burnout would reduce security compliance while security engagement would increase it. The security compliance model developed in this study emphasises developing emotional and cognitive resources from IS users through effective provision of organisational resources and security requirements to promote desired security practice.