  • Essay / Exploring an information-based theory study...

    Introduction

    Prior research indicates that employees rarely comply with mandatory information security policies, and organizations find that enforcing information security policies among employees is a crucial challenge (Herath & Rao, 2009). Organizations and researchers have traditionally focused on using technology to secure computer networks against security breaches (Herath & Rao, 2009; Rhee, Kim, & Ryu, 2009). Practitioners and researchers have recently realized that effective organizational information security can be best achieved through three components: people, processes, and technology (Herath & Rao, 2009). However, researchers generally consider the human component to be the weakest link in an organization's security control chain (Bulgurcu, Cavusoglu, & Benbasat, 2010; Chen, Shaw, & Yang, 2006; Rhee et al., 2009). There is therefore an abundance of research regarding technical and formal controls for information security management, but there is a lack of research on the informal and behavioral aspects of information security governance (Mishra & Dhillon, 2006).

    A qualitative, grounded theory study is proposed, with a purposive sample of 10 participants from a northeastern Wisconsin insurance company providing data through semi-structured, in-depth interviews to generate theory about solutions to reduce employee negligence and non-compliance with information security policies. The plan of this proposal is to discuss the problem statement, followed by the purpose statement and research questions. Next, a section on the research method will be presented, including discussions of grounded theory research design and data collection and analysis procedures. Finally, a section...... middle of paper .......

    (2009). Information security self-efficacy: Its influence on end-user behavior regarding information security practices. Computers and Security, 28(8), 1-11.

    Shannak, R. O., & Aldhmour, F. (2009). Grounded theory as a theory generation methodology in information systems research. European Journal of Economic, Financial and Administrative Sciences, 15, 32-50.

    Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of violations of employee information systems security policies. MIS Quarterly, 34(3), 487-502.

    Stanton, J. M., Stam, K. R., Mastrangelo, P., & Jolton, J. (2004). Analysis of end-user security behaviors. Computers and Security, 24(2), 1-10.

    Urquhart, C., Lehmann, H., & Myers, M. D. (2010). Putting the “theory” back into grounded theory: Guidelines for grounded theory studies in information systems. Information Systems Review, 20(4), 357-381.