The purpose of this paper is to discuss potential human-related problems concerning information security, which foreign companies may face in Thailand, and to suggest supplemental countermeasures in international frameworks such as Committee of Sponsoring Organizations of the Treadway Commission and ISO/IEC 27001. These potential problems are predicted using Hofstede’s cultural dimensions. To evaluate the magnitudes of potential of problems, a measure named Level of Potential (/LoP/) is adopted. The severity of each problem is calculated based on the results of an empirical survey, which was conducted in Thailand. This paper examines the relations between the conditions of occurrence of problems and the profiles of the respondents. The problem “Using previous company’s confidential information” is found to be the severest among all the investor countries considered; the second severest problem is “Unintentional sharing of confidential information” while the problems of “Concealing faults made by friends”, “Lower priority to information security management”, “Lack of interest in information security management” and “Lack of interest in information outside duties” are also severe. This paper has identified information security management-related problems with their severities and conditions of occurrence for each of the key investor countries in Thailand. It has recommended practical countermeasures to cope with the six serious problems identified.