The conceptualization of information security culture to develop an information security culture measurement model, to do so, comprehensive literature analysis of current information security culture models and frameworks were examined. Organizations in the developing countries need to protect their information assets (IA) optimally. This paper is based upon the argument that achieves the fully effective information security management (ISM) strategy; is essential to look at information security in a socio-technical context, i.e., the cultural, ethical, moral, legal dimensions, techniques devices, and. Tools An information security culture is defined as the attitudes, assumptions, values, beliefs, and The knowledge that employees/stakeholders use to interact within the organization’s systems and procedures at any point in time. This paper is to addresses whether the current reference documents on corporate governance pay sufficient attention to information security within their organization or whether reference documents on security management and baseline controls sufficiently recognize the relationship with internal control systems and framework, governance pay attention among and the responsibilities of the corporate board with respect to information security and training, and executive accountability. The Information Systems (IS) in organizations already ubiquitous in developed countries – are being deployed in developing countries more Information Security Governance with services such as registration of death. Birth, issue of passport, registration of marriage, collection of tax, registration of voters, payroll, and public finance amongst others have been computerized or are under active considerations for automation consists of these services and framework has become a vital function within the information system and governance. With increased dependence on the IS connected over open data networks, efficient information security governance has become a vital success feature for organizations in developing countries. Among the Developing countries are going through processes that developed countries went through many years ago. To achieve information security in an organization, it is essential to create and implement effective information security in a corporate organization. The focus of this paper is to enhance information security in non-profit organizations in the context of developing counties. According to the United Nations, developed countries are United States, Canada, the Japan, Australia, New Zealand, and European countries, while the remainder is developing countries like Nigeria. The adoption and This goal concentrates of information systems faces many challenges in many developing countries such as lack of skilled personnel and Musa, 2010; Karokola and Yngström, 2009; Kimwele, Mwangi and, financial constraint, national culture, and inferior infrastructures security awareness among others. The studies have indicated social issues are at least as vital as technical issues in implementing information security governance. The information system is defined as “A discrete set of information resources organized for the such threats may continue to increase unless strong information security frameworks are implemented throughout company management chains. Collection, maintenance, processing, The use, of sharing, dissemination, or disposition of information”. It also includes industrial/process controls equipment, the telephone switching, exchange; and equipment for environmental control.