Information security is usually considered a technical discipline with much attention being focused on topics such as encryption, hacking, break-ins, and credit card theft. Security products such as anti-virus programs and personal firewall software, are now available for end-users to install on their computers to protect against threats endemic to networked computers. The behavioral aspects related to maintaining enterprise security have received little attention from researchers and practitioners. Using Q-sort analysis, this study used students as end-users in a graduate business management security course to investigate issues affecting selection of personal firewall software in organizations. Based on the Q-sort analysis of end-users in relation to seven variables identified from review of the information security literature, three distinct group characteristics emerged. Similarities and differences between groups are investigated and implications of these results to IT managers, vendors of security software and researchers in information security area are discussed.