The focus of this dissertation was to examine the crucial relationship between organization systems within the framework of the organizational behavior theory and information security awareness (ISA) of users within the framework of the information security theory. Despite advanced security technologies designed to protect information assets, organizations continue to suffer from cyber attacks. From the review of the literature, Information Technology (IT) users are at the heart of information security. Accordingly, inadequate ISA of users can lead to external and internal cyber attacks in an organization. The problem addressed within this study was users' lack of ISA as a deterrent countermeasure for organizations in defending against cyber attacks. The purpose of this quantitative, non-experimental, and correlational research was to examine the correlation between organization systems and ISA of users. The participants comprising the IT users were bank administrative officers of ten publicly traded commercial banks in Thailand. Drop-off and online survey methods were used to collect empirical data. Based on the research findings, there was a statistically significant, moderate, and positive correlation between ISA of users and formalization (r = .320, p < .001), a hierarchy culture (r = .416, p < .001), a market culture (r = .308, p < .001), and human resource policies and practices (r = .409, p < .001). However, there was no statistically significant correlation between ISA of users and centralization (r = -.006, p < .938). Therefore, the organization structure dimension of formalization, the organizational culture dimensions of hierarchy and market, and human resource policies and practices may significantly influence ISA of users. According to these results, future research should be done to determine how a security culture and the ISO/IEC 27002 Standard could be implemented to raise ISA of users.