Information security (InfoSec) violations have negative organisational and personal impacts. Studies that examine key factors to motivate individuals to change their security related behaviours are important to promote safe computing. This paper presents a full nomology of the protection motivation theory (PMT) to study the impact of users’ InfoSec awareness on their security protection intention. It contributes to a better understanding of users’ InfoSec awareness through an examination of the impact of security education, training and awareness (SETA) programme on InfoSec threat and countermeasures awareness and the role of InfoSec awareness as an antecedent to the cognitive processes associated with coping and threat appraisals. In addition, this research contributes to extend PMT by investigating the role of fear and maladaptive rewards in explaining InfoSec behaviours.