This study aims to investigate why users engage in “security misbehavior” (SMB) when using organizational information systems (IS). It is posited that user intention to engage in SMB is influenced by attitude toward SMB, workgroup norm, and perceived professional identity mismatch. Attitude toward SMB in turn is predicted by attitude toward targets (IS department and security policy), expectations of utilitarian outcome (perceived security risk, perceived accountability, and job performance expectation), workgroup norm, and perceived professional identity mismatch. The model was tested with partial least square (PLS) technique on data collected from a survey (N=104). The results suggested that both attitude toward SMB and workgroup norm have significant influence on SMB intention. User attitude toward SMB is influenced by workgroup norm and perceived identity mismatch. Workgroup norm appear to be a key determinant of user SMB intention.