Information systems of today face more potential security infringement than ever before. The regular susceptibility of data to breaches is a function of systems users' disinclination to follow appropriate security measures. A well-secured system maintains integrity, confidentiality, and availability, while providing appropriate and consistent information, achieving adequate organizational goals, utilizing resources efficiently, and implementing effective internal control measures that provide reasonable assurance that control objectives developed by management are effective enough to thwart, detect, prevent or correct any undesired events in a timely manner. Traditionally, technology has been the focus on securing information systems; more research is needed to investigate the non-technical aspect of information security. Information security policy is a major prerequisite for effective information security program. For a security program to be effective, management must create awareness of the policy, enforce the policy and frequently maintain the policy. Without security awareness and training, information security and privacy techniques instituted by management would become ineffective. Policy awareness is a vital ingredient necessary to establish information security culture. The subject of this study is the mitigation of information security challenges using non-technical approach, focusing on awareness, enforcement, and maintenance of established information security policies. This study focused specifically on the critical elements of information security policy management and their relationships with organizations information security effectiveness. This quantitative non-experimental survey research investigated the effectiveness of information security programs in Nigerian organizations. This study utilized a structured survey instrument to gather data from a population of Nigeria's information security professionals. There were 72 respondents with complete response out of the 275 survey that were distributed in this study. Survey data were analyzed using correlation and regression analyses. The result indicates that (A) there is a high and positive relationship between security policy awareness and security program effectiveness in Nigeria; (B) there is a moderate and positive relationship between security policy enforcement and security program effectiveness in Nigeria; and (C) there is a high and positive relationship between security policy maintenance and security program effectiveness in Nigeria. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]