Research Article
Organizational Members' Attitudes and Key Influencing Factors for Corporate Information Security Activities
1 LG CNS, 2 Yonsei University, 3 University of Liverpool
Published: January 2011 · Vol. 40, No. 4 · pp. 955-985
Abstract
Companies not only establish security systems and develop various policies to protect information but also implement activities to raise security awareness among organizational members. These efforts are continuously communicated to employees through internal promotions and training. However, in reality, the leakage of critical corporate information still occurs frequently due to individuals' insufficient security awareness. This study investigated the factors influencing various activities for corporate information protection to explain this phenomenon, approaching the issue from the perspectives of deterrence theory and control theory based on the Technology Acceptance Model (TAM). First, based on the TAM, perceived usefulness and perceived ease of use were selected as factors influencing organizational members' acceptance attitudes toward information protection. These factors were extracted from deterrence theory variables—security policy, security systems, and security training—from the perspectives of usefulness and ease of use, while punishment and reward from control theory were selected as factors influencing organizational members' attitudes. While policy, systems, training, rewards, and punishment represent the firm's own efforts toward information protection, personal aspects can also influence organizational members' attitudes. Therefore, personal experience, awareness of actual risks, and the relevance of security to work tasks were utilized as additional variables. Data collection for the empirical analysis was conducted through a survey, and a total of 242 responses collected via an internet survey were used for analysis. Regression analysis results revealed that perceived usefulness of security training and rewards, perceived usefulness of punishment, and risk awareness related to security had direct and positive effects on organizational members' attitudes. 
The findings suggest that companies need to strengthen security training and provide appropriate rewards to motivate information protection. Furthermore, these results imply that if individual penalties are strengthened and risk awareness related to security is heightened, organizational members will make sustained efforts toward information protection.
