
A Study on Applying AHP to Information Security in the National Armed Forces

Using Analytical Hierarchy Process in the military information security research

Advisor: 龐金宗

Abstract


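As technology advances, hacker intrusions and virus infections have led to stolen personal data, infringed intellectual property, damaged critical facilities, compromised financial institutions and infiltration of state secrets, all of which show that information security work is increasingly important, while information security protection tools and protection mechanisms remain a comparatively weak link. Past researchers have mostly approached the assurance of information security from a technical perspective; fewer have examined information security from a management perspective. This study therefore uses the Analytical Hierarchy Process (AHP) to examine how organizations make information security decisions, analyzing the key factors weighed most heavily in organizations in the "electronics industry", the "healthcare industry" and "military units". It builds the hierarchy from the 11 control clauses, 39 control objectives and 133 controls of ISO 27001: the second level of the hierarchy consists of the "management aspect", the "personnel aspect" and the "equipment aspect", and the third level consists of the 11 control clauses of ISO 27001. Finally, the information security decision alternatives are divided into four options: "outsource depending on circumstances", "outsource", "in-house" and "eliminate and transfer". According to the characteristics of each organization, the most suitable information security decision alternative and recommendations are selected, and the differences among organizations in choosing information security decision alternatives are examined, with emphasis on the choice of information security alternatives for the military. The results are expected to serve as an important reference for the military's future choice of information security decision alternatives.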

Parallel Abstract


As technology develops, hacker intrusions and virus infections have resulted in theft of personal data, infringement of intellectual property, destruction of major facilities, intrusion into financial institutions and infiltration of national confidential information. All of these show that information security work is increasingly important, while information security tools and protection mechanisms remain a comparatively weak link. Past researchers have mostly addressed information security from a technical point of view, and fewer scholars have explored it from a management point of view. This study therefore uses the Analytical Hierarchy Process (AHP) to explore information security decision-making in organizations in the "electronics industry", the "medical industry" and "military units", analyzing the key factors they consider most important. It uses the 11 control clauses, 39 control objectives and 133 control measures of ISO 27001 to establish the hierarchy. The second level consists of the "management aspect", the "personnel aspect" and the "equipment aspect", and the third level consists of the 11 control clauses of ISO 27001. Finally, the information security decision alternatives are divided into four options: "outsourcing depending on the situation", "outsourcing", "in-house" and "elimination and transfer". In accordance with the characteristics of each organization, the most suitable information security decision alternative and recommendations are selected, and the differences among organizations in their choice of alternatives are explored, with the focus placed on the choice of information security alternatives for the military. The results are expected to provide an important reference for the military's future choice of information security decision alternatives.
