In recent years, information security has gained attention in organizations across diverse businesses and sectors. Primary reasons of this can be the new and innovative ways of information handling (during generation, processing, storage and distribution), and dependence of business processes on new and emerging IT/ICT mediums in organizations to carry out daily business activities. This has made organizations agile in terms of functioning and, at the same time, has posed new challenges. In this direction, the present study aims to explore and examine information security management (ISM) practices of two IT development and services organizations in India. In case study design, the study adopts qualitative research route to understand the current ISM practices of the case organizations. The observations derived from semi-structured interviews are presented using descriptive analysis methodology. Further, SAP-LAP (Situation, Actor, Process—Learning, Action, Performance) method of inquiry is used to analyse the findings from case studies. Results highlight the importance of consistent top management support, organizational information security culture and a proper monitoring system for ISM effectiveness in organizations. Insights derived from the study can be helpful for managers and decision makers in managing organizational information security practices. © 2019 International Management Institute, New Delhi.