This study addresses the security of information systems (ISS) as one of the most important issues in organizations and especially municipalities. Instead of exceptions, information security breaches have become a norm, and security of information systems can only be realized when employees completely accept this concept by changing their behavior in line with advanced information security systems. The model of this research is based on institutional theory. This two-way model has introduced organizational citizenship behavior (OCB) and counterproductive work behavior (CWB) in the process of verifying the security of the information system. This research also measures the impact of innovative culture on the information security system. The statistical population of the study consisted of Mashhad Municipal Information Technology experts and data collection tool was a questionnaire. The data support mainly the proposed research model and the results indicate the application of institutional theory in explaining the process of institutionalizing the changes in the security of the information system on the innovative culture of the organization, legitimizing and accepting those changes, and increasing organizational citizenship behavior (reduction of counterproductive work behavior) in employees Which, in the end, will increase the effectiveness of the security of the information system.