As information has become a basic commodity and strategic asset, information systems (IS) security has become increasingly important to organizations. This paper reviews prior literature that has studied non-technical factors of IS security from an organizational perspective rather than at the individual level. Five key concepts are studied: IS security management, organizational factors, human factors, strategic planning, and IS security policies. By integrating the main concepts reflected in the literature, this paper proposes an integrated framework that provides a comprehensive view of effective IS security management. Four propositions are developed. The framework is intended to provide guidance for organizations and security practitioners that need to implement IS security management effectively.