Abstract
A large number of security breaches involve internal employee negligence and insider breaches. This situation, coupled with the need to comply with regulatory mandates, has led to the establishment of comprehensive information security programs in many organizations. However, the relationships between comprehensive information security programs and security culture are unclear. This research thus proposes a research model to evaluate the influences of key components of comprehensive information security programs on security culture, and empirically tests it. The results indicate that awareness of security education, training, and awareness (SETA) programs has significant influences on security culture and on employees' awareness of organizational security policy, and that awareness of security monitoring also impacts security culture. The proposed research model can be used as a benchmark to evaluate the effectiveness of comprehensive information security programs, to improve the design of such programs should gaps exist, and eventually to assist in building a security culture.