Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.