A large part of information systems (IS) security approaches is technical in nature with less consideration on people and organizational issues. The research presented in this paper adopts a broader perspective and presents an understanding of IS security in terms of a social and organizational perspective. In doing so, it uses the communication of risk messages among the members of IT gro…