Many of the information systems (IS) security breaches in organizations can be attributed to the security related decisions of individuals. To combat this, many organizations have placed an emphasis on IS security training. However, despite this emphasis, the number and impact of IS security breaches continues to rise. This paper argues that current IS security training encourages a mindless adherence to policy that inhibits its effectiveness, and presents a theoretical framework for IS security training that integrates mindfulness into the decision making process and then applies that framework in the context of IS security training with the goal of improving the effectiveness of training to improve the ability of employees to make effective decisions with respect to IS security.