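With the advance of information technology, enterprises use it to handle much of their business; however, this has also led malicious individuals to exploit weaknesses in information technology to steal sensitive data, and the "USB virus" is one of the most prominent information security issues of late. This thesis addresses the intentional or unintentional misuse by internal employees of "USB removable storage media", such as memory cards, thumb drives and portable hard disks, where copying sensitive internal data for exchange leads to data leakage and serious losses for the enterprise. It proposes a set of policies and methods under which such devices can be used legitimately within a limited scope of control, intentional or unintentional data theft is blocked, and a monitoring and audit mechanism deters potential offenders from unauthorized use, strengthening the enterprise's security capability. The study therefore deployed the "USB storage device control system" it developed in a real enterprise and cross-checked event records from the central anti-virus system and the intrusion detection system to determine whether internal security risk was reduced. The experimental results show that over three months of operation both virus events and intrusion events decreased, that the system effectively helps administrators deal with internal risks promptly, and that it moves the enterprise from the former "passive" defense to "active" detection, improving overall enterprise information security.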
Nowadays, almost all enterprises use technological tools to process their business because of improvements in information technology. However, some people steal confidential data by exploiting weaknesses in the technology. For example, the “USB (Universal Serial Bus) virus” is one of the most prominent information security issues. Our research focuses on monitoring and auditing internal employees’ intentional or unintentional use of “USB portable storage” such as memory cards and portable hard disks. When a worker uses portable storage to copy internal data from his or her business and tries to sell it, this leads to information leakage and seriously damages the enterprise. We therefore offer a new method and system that allows employees to use USB portable storage legitimately only within a limited control range. It not only prevents employees from intentionally or unintentionally copying data, but also establishes audit rules that deter staff from using USB portable storage illegally, and improves the security capability of the enterprise. We developed the USB portable storage control system and deployed it in a real enterprise for practical implementation. We also compared the event records of the IDS and the central anti-virus system. The results show that anti-virus and IDS events decreased over the last three months. In addition, the role of protecting business security shifts from passive fixer to proactive preventer. The system also helps managers handle internal risks and improves the information security of the entire enterprise.