The university is an organization that manages much public information, and therefore, information security policies are developed to ensure data security. However, during implementation still founded disobey behavior user and has an impact on data security. The previous research has been conducted to find influencing factor user comply with information security, although some model and theories still limited to implementation. There is a lack of researchers combine behavioral theory and organizational theory to develop models and previous model inadequate to universities that have unique characteristics. This study aims to explore and identify factors that influence information security compliance and continue to develop conceptual models for assessing information security policies. This conceptual model creates based on a systematic literature review and preliminary study. The results in the conceptual model found several variables, namely habits, attitudes, moral beliefs, self-efficacy from behavioral theories and human culture, commitment, rewards, costs can be used to evaluate user compliance with information security policies. Conceptual will be tested further to contribute to help universities to ensure and assess users to comply with information security policies.