Information security is one of the most essential concerns in today’s organizations. The aim of this research is to focus on the human factor of the organization, which impacts the security of the information, since technological solutions of technical problems become incomprehensible without human recognition about security. This study explores ways to enhance information security and improve the human factor by integrating the crucial information security elements in organizations. Social constructivist worldview is adopted throughout the study, and an inductive based - qualitative approach, a single case study design and hermeneutical analysis for analyzing the observations and interviews are utilized. The research setting for this study is Växjö Municipality in Sweden. The empirical investigation suggests that human factor plays an essential role in maintaining information security, and organizations can improve employees’ role by keeping their security policies up to date and find the best ways to disseminate that information. As a result, this research comes up with “information security human management model” for organizations.