The importance of protecting information in banks and mitigating security breach is becomingrnmore important than ever. Human factors represent essential issue in information systemsrnsecurity in organizations, since human factors determine the behavior of employees towardrninformation systems security. This thesis researched information systems securityrncountermeasures that are used to reduce internal threat and how employees perceive them andrncreate a human factors model to address human factor gaps in information systems security inrncommercial banks in Ethiopia. A case study research design was used, since case study researchrndesign helps to understand a situation in great depth. Purposive sampling was used by this thesis,rnsince it is recommended for qualitative case researches. The samples were selected based onrneligibility criteria that the respondents should have experience and expertise in informationrnsystems security and the banking activities. The sample consists of information systems securityrnmanager, branch manager, information systems auditor, audit division manager, informationrnsystems support officer and front users. For this research both structured and unstructuredrninterviews were used. For data analysis thematic analysis and pattern matching techniques werernused. The findings were used to create comprehensive model which can assist in informationrnsystems security to secure information. The study investigated the impact of employees behaviourrnwith regard to information systems security. The findings prove that users engaged into riskyrnactions that could make the bank system subject to attack. Employeesâ€™ behaviour has been shownrnin relation to technology interaction, perception and information systems security training.rnEmployees behaviour on human factor in information systems security can be improved byrnsupplying information security training. Information systems security oriented training canrnaddress human factor problems in banks by increasing theoretical and practical knowledge ofrnthe users. Since information systems has the human element as a fundamental component,rninformation systems security process should include the users.