With the proliferation of computer-driven organizations and internet-based business information systems, the need for security has increased significantly. In addition, information security compliance is becoming a controversial issue among IT professionals. This paper aims to address the concerns that affect compliance management, which arise from the compatibility of security standards, compliance cost, certification approval and human involvement. A unified approach to information security compliance is suggested for organizations seeking to build strong relationships across business and IT departments, thereby improving a company’s security value.