The effectiveness of information security can be substantially limited by inappropriate and destructive human behaviors within an organization. As recent critical security incidents have shown, successful insider intrusions induce a fear of repeated disruptive behaviors within organizations, and can be more costly and damaging than outsider threats. Today, employees compose the majority of end-users. The wide variety of information that they handle in a multitude of work and non-work settings brings new challenges to organizations and drives technological and managerial change. Several areas of study, such as behavioral information security, information security governance and social engineering, to name a few, have emerged in an attempt to understand these phenomena and suggest countermeasures and responses. This paper starts by defining behavioral information security and provides examples of security behaviors that have an impact on the overall security of an organization. Threat mitigations are then described, followed by future trends.