Information security has typically been considered a technological problem as well a technological solution. What is totally false because the security is based on the people, not only that, in order to reduce risks and insuring information security, organizations often rely on technology-based solutions aside the perception of the user, who is the main actor, and little has been done to determine the factors that affect their intention to Implement Information Systems Security. In such sense, the management model of risks, in the Information Systems Security of the University Nacional del Altiplano's academic area, raises a key constructor's group: the management's commitment, organizational culture, organizational mission, resources and budget, education and training, awareness of security needs for the personnel, technological infrastructure, support to the user, user expertise, combined with the Theory of Planned Behavior, to allow identifying and assessing risk factors (critical success) to implement security from the perspective of the user in various scenarios where it is required to implement security in Information Systems, in order to enable organizations to better invest in the future implementation of Information Systems security and make the necessary adjustments to success. Besides that, this model has been determined based on multivariate path analysis for the case of the University Nacional del Altiplano's academic area, risk factors are: the resources and budget with -0,558, the organizational culture with 0,439, awareness of the need for information security with 0,431 and 0,357 education and training.
