The increasing dependence of businesses over information and the changing ways of information usage with modern IT/ICT tools and mediums, have created an unavoidable need of information security in organizations. Earlier, the technical measures were used to fulfill this need; however, it has been realized that technology alone is unable to address the challenges of information security management (ISM) in organizations. Management and behavioral aspects are pivotal to build an ISM system in organizations. This paper makes an attempt to understand and examine the current ISM practices of two large size, global IT and management services and consulting organizations, one from India and another from Germany. In a case design, the study adopts qualitative research route and semi-structured interviews were conducted across hierarchy in both the organizations. Observations from interviews are portrayed using descriptive analysis methodology. Further, to draw learning from the cases, SAPLAP method of inquiry was used to understand the present status of ISM practices in both the organizations. Finally, the paper discusses the implications of the findings and scope for the future research. © Global Institute of Flexible Systems Management 2013.