With the continued expansion of corporate information systems and the increasing use of networks, information security management (ISM) has become more important than ever. However, few empirical studies have examined the effects of firms' internal and external factors on their ISM processes. This study investigates the role of Need Pull and Technology Push on the ISM process, and examines the regulatory pressure within ISM process. To test the research model, the study considers data from a random sample of organizations obtained through the Korea Composite Stock Price Index (KOSPI), the Korean Securities Dealers Automated Quotation (KOSDAQ), and the Korea Foreign Company Association (FORCA). Results demonstrate that need-pull and technology-push had positive effects on the ISM process. In addition, regulatory pressure as a moderator had positive effects between ISM awareness - ISM development and ISM development - ISM performance.