Information security management (ISM) is an issue of growing concern to the Chinese government because of the wide adoption of information systems in society. This exerts different pressures on organisations to ensure effective ISM, which is achieved when organisations perceive and acknowledge the importance of ISM and take responsibility on its efficient implementation and evaluation. In recent years, ISM has also increasingly become a critical issue among organisations. Prior studies have proposed ways to improve ISM by analysing different perspectives. Of these, the institutional perspective has offered a unique insight in understanding ISM organisational behavior under a dynamic institutional environment. However, little research has been conducted in the unique institutional environment, especially with China as the unique type of government. Therefore, this thesis uses institutional theory to explore the relationship among ISM, organisational behaviour, conformity, and institutional pressures in the Chinese context.Intensive field-based interviews were conducted in China between 2010 and 2012 on two selected organisations, namely, Hospital A and IT Company B. This thesis provides multiple case studies of Chinese organisations to understand the organisational strategies in responding to institutional pressures in the ISM process. It concludes that the organisational strategies of responses to institutional pressures are a result of balancing external government supervision enforcement and internal organisational incentives. A theoretical framework of factors in organisational response to institutional pressures is developed, which can be used for further research. Practical implications for governments to improve the efficiency of organisational information security activities are also presented.