Information systems (IS) security is traditionally seen as technically-oriented. Technologies alone, however, cannot secure an organization’s information systems at an optimal level. As such, scholars have called for more research on non-technical factors that play an important role in IS security, including human, managerial, and organizational issues. This paper aims to review and synthesize those studies that have been done on non-technical issues by applying knowledge management concepts as a tool and lens. It also identifies some issues that require further research.