With regard to the organizational strengthening of information security, in addition to establishing protective mechanisms from the technical perspective and formulating standards and conduct audits from a management perspective, enabling organizational information security policies and making employees actively or passively comply with information security policies have become important discussion topics in recent years. This study combines organizational citizenship behavior and group engagement models, and uses organizational citizenship behavior to explain extra-role behavior. Group engagement models to strengthen in-role behavior can enable employees to be more involved with work and comply with standards. Furthermore, we examine the causes of organizational citizenship behavior and engagement. This study conducted questionnaire surveys in Taiwanese organizations that have obtained ISO 27001 accreditation. This will contribute to theoretical expansion and provide a theoretical basis for promoting and encouraging information security policies. Organizational identification will be used to improve organizational citizenship behavior and engagement.