In this paper, we present a social/behavioral meta-study of good corporate information security practices. The research model combines social cognitive theory and control theory in order to explain the individual and environmental factors that influence corporate information security behavior. The model includes employees’ beliefs about their abilities to competently use computer information security tools in the determination of effective information security practices within organizations. We present the definition and operationalization of constructs such as information security awareness and information security practice as the dependent variable and then support within the organization, encouragement by others, others’ use as environmental factors in the information security context; and finally, self-efficacy and outcome expectations as the independent variables of the model. This research model is aimed to develop an effective audit and recommendation model for organizations that are looking to make significant improvements in their information security profiles.