Due to human theft, fraud and error is declining as well as the reduction in computer properties misuse, most of the ICT departments all, should focus on human elements in their models of information system (IS) security. This issue has not been considered in previous studies efficiently. This paper, uses qualitative approach in order to improve IS security models. Usually, in most of the developed models so far, only technical factors are considered. In this regard, an interview was conducted with 6 experts in ICT departments of 6 universities in Iran. After exact review of their ideas and insights, human factors have been identified. All of the achieved results have been added to existed technical models and then the finalized model has been designed, which was verified by experts too later. The identified human factors include staffing, training, reward and compensation system and also performance appraisal.