This paper reports on a case study considering the propensity for a range of stakeholders to engage with information security issues during a major development project as part of a project considering the user involvement with the elicitation of information security requirements. Also examined were the attitudes of IT managers and project team members. The research found that many users have an interest in being involved with information security issue, but their concerns meant they would need to be supported during any information security requirements gathering process. While business areas were interested in being involved, there was resistance from developers and this would require careful management. It was found that most users had a simplistic view of information security, largely limited to issues around access privileges.