Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the 1 Mikko Siponen was the accepting senior editor for this paper. Merrill Warkentin served as the associate editor. The appendices for this paper are located on the “Online Supplements” section of the MIS Quarterly’s website. information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital.