This paper addresses the contextual dependencies related to the use of information systems security and criticizes the predominance of technical and formalized paradigm in the development and implementation of IS security policies and procedures. The underlying epistemology of our research lies in the interpretative paradigm. It explores the patterns of how the contextual use of information systems security is involved according to a business/organizational practice perspective. It elicits the detailed processes and practices that constitute the pragmatic perspective in developing information security activities.