
A Study of the Development Trend of the Information Security Legal Framework – with Analysis of Establishing National-Level Information Security Standards and Certification Systems

Advisor: 楊雲驊

Abstract


Due to the rapid development of information technology, national social institutions and people's ways of life have changed accordingly. With the spread of the Internet, the online services offered by government information systems and by network service providers have also grown rapidly, and daily life has become hard to separate from networked information systems. If these systems are maliciously damaged or paralysed by hackers and cannot operate normally, or if personal data is leaked as a result, the impact on the public and on society will be enormous. In response to these changes, governments have begun to propose various information security legal regimes to promote the development of information security and to strengthen the protection of information assets. This thesis examines the development of information security legislation in the United States, Japan, China and the European Union, which have the greatest influence on the world, in order to understand the global trend of information security legal frameworks.

Within the field of information security, this thesis holds that information security standards and certification and verification systems are the most important cornerstone. Therefore, in addition to examining the basic structure of the information security legal frameworks of the United States, Japan, China and the European Union, it looks in depth at their development and planning of information security standards and certification and verification systems.

Taken together, the information security legal planning of these countries mostly establishes a national-level dedicated regulatory authority and enacts a special law on information security management, requiring government agencies and critical infrastructure operators to carry out security risk classification of their information systems, security protection plans, assessment and improvement, emergency reporting and information sharing, and security incident drills. For information security standards and certification and verification systems, most establish, by statutory authorization, a national-level dedicated body responsible for setting security standards and carrying out the related certification and verification.

In August 2016, President Tsai Ing-wen of Taiwan put forward the policy that "cyber security is national security" at the National Security Council, and in June 2018 the special Cyber Security Management Act was passed, marking Taiwan's entry into the era of dedicated information security legislation. However, comparing Taiwan's information security standards and certification and verification systems with those of other countries, the Cyber Security Management Act does not establish, by statutory authorization, a national-level information security standards body; security standards for ICT products remain the responsibility of the respective competent authorities for each sector. As a result, Taiwan's security standards and certification and verification systems for ICT products and services lack an overall framework, and more comprehensive institutional planning cannot be formulated.

By examining the development of information security legislation in the United States, Japan, China and the European Union, this thesis reflects on the shortcomings of Taiwan's current system and recommends establishing a national-level dedicated body for information security and certification standards, in order to improve Taiwan's information security standards and certification and verification systems and, on that basis, strengthen the development of Taiwan's information security legal framework.

Abstract (English)


Due to the rapid development of information technology, society and people's lifestyles have changed. With the popularization of the internet, there are more and more internet services provided by government and by internet service providers. It is difficult for people to go without the internet in their daily life. It will have a huge impact if the internet is damaged by hackers and cannot operate normally, or if personal information is exposed in a data breach. In response to these changes, many countries have started to establish a legal framework for information security. Their purpose is not only to promote the development of information security, but also to protect information assets. This thesis discusses the development of the information security legal framework in the United States, Japan, China, and the European Union, which have a greater influence on the world, to understand the trend of information security legal frameworks in the world. In the view of this thesis, information security standards and their certification systems are the most important parts of the field of information security. Therefore, in addition to the basic information security legal framework, it discusses the development and the plans of information security standards and certification systems in the United States, Japan, China, and the European Union. Most countries choose to establish national-level dedicated supervisory agencies and formulate special laws on information security management in their information security legal framework. Moreover, they require that government agencies and critical infrastructure companies confirm the risk classification, protection plans, assessment, improvement, emergency notification and incident drills of their information security systems. As for their information security standards and certification systems, most countries choose to establish a national-level specialized agency which is authorized by law.

The agency is responsible for setting standards and implementing the related certification and verification. In August 2016, our President Tsai Ing-wen put forward the "Cyber Security is National Security" policy at the National Security Council. After that, the Cyber Security Management Act was passed in June 2018. It shows that we have entered an era of cyber security. However, comparing our information security standards and certification systems with those of other countries, instead of establishing a national-level specialized agency, our security standards are in the charge of different agencies according to different types. Owing to this decentralized management, our information security standards and certification systems lack an overall framework and a comprehensive plan. The thesis aims to reflect on our shortcomings by discussing the development of the information security legal framework in the United States, Japan, China, and the European Union. It also suggests that we should establish a national-level specialized agency to promote the development of our information security legal framework.
