This study-in-progress examines the similarities and differences in organizational security norms between the banking industry in the United States and South Korea. Organizational security norms refers to appropriate actions related to information security safeguard. Drawing on the Competing Value Framework (CVF), Neo-Institutional Theory (NIT), and Hofstede’s Cultural Framework, this study proposes an integrated theoretical framework to assess the impact of national culture, organizational culture, and industry on organizational security norms among the banking employees. In general, this study intends to contribute (1) a theoretical framework encompassing national, organizational and industry cultures, and (2) practical implications to improve information security safeguard in multiple cultural settings.