A conceptual framework for physical security culture in organisations is proposed, based on the integrative model of safety culture, as developed by Vierendeels et al. (2018). The proposed conceptual framework for physical security culture has the advantage that it brings security threats, technique, organisation and human aspects together in a coherent, integrative and related way. The framework includes five main domains of security culture, being (a) an observable technological domain, (b) an observable organisational domain, (c) an observable human domain, (d) a non-observable organisational domain or perceptual domain, and (e) a non-observable human domain or psychological domain. These five main domains can be further divided into several more specific sub-domains of security culture. At their turn, these sub-domains can be translated into measurable security results, being (a) observable security outcomes, (b) the security climate of an organisation or the shared perceptions on security, and (c) the individual intention to behave secure or insecure. The aim of the framework is to take all security-related aspects into account – based on the specific security threats to which an organisation is exposed – leading to a pro-active approach of the physical security of organisations. The framework provides specific points of departure to make the security culture measurable, and by extension controllable.