The literature agrees that the major threat to IS security is constituted by careless employees. Therefore, effective IS security requires that users are not only aware of, but also comply with organizations’ IS security policies and procedures. To address this important concern, different IS security awareness, education and enforcement approaches have been proposed. Prior research on IS security compliance has criticized these extant IS security awareness approaches as lacking theoretically and empirically grounded principles to ensure that employees comply with IS security policies. This research-in-progress study proposes a new model that contains the factors that explain employees’ IS security compliance.