  • Degree thesis

A Study of the Information and Communication Security System Architecture of Government Research Institutions: The Case of a Government Research Institution

A Study of Information Security Management System Based on ISO 27001 Framework in Government Institute

Advisor: 皮世明


In modern society, the application of information technology has long been part of daily life, yet improper use and deliberate sabotage mean that it conceals high and unknown risks. In the past, maintaining information security mostly emphasised strengthening information technology capabilities and equipment; however, improving technical capability and spending large budgets on new equipment cannot guarantee information security. According to the statistics of the US FBI/IC3 over the years, the number of reported security incidents grew rapidly, at a rate exceeding 50% per year, from 2001 to 2004. The resulting monetary losses also repeatedly hit new highs: only 17.8 million USD in 2001, but as high as 198.44 million USD in 2006. The literature review finds that people are the largest source of information security threats, accounting for about 85% of all information security incidents. The FBI/IC3 2006 annual report also points out that education, training and raising awareness can effectively reduce the occurrence of security incidents. Therefore an organization should have an information security management mechanism to raise the attention and vigilance of its internal personnel toward information security, and thereby achieve the goal of information security protection. Only through an effective and sound management system can the incidence of security incidents be reduced and the losses of enterprises or organizations be lowered. This study takes government research institutions as its main research subject and uses ISO 27001 as the information security standard; through in-depth interviews it seeks to understand the current state of information security management in government research institutions and the difficulties encountered in actual implementation. Based on the 11 management domains, 39 control objectives and 133 controls of ISO 27001, it examines how information security management factors such as policy, personnel and management affect government research institutions when implementing information security management. The aim is to build a continuously operating information and communication security management system that effectively reduces organizational risk and ensures that information can be applied securely.


With the rapid development of computer science and technology, new problems follow. Personal information can be stolen without the owner even knowing when it happened. Attacks by viruses and hackers may destroy all the information on a computer. When all documents, data and procedures are digitized, governments and enterprises need to pay more attention to information security. A careless mistake can result in hundreds of millions of dollars lost; an unexpected attack can destroy all valuable information. The total cost of an information security incident is not only the money lost, but also invisible losses beyond estimation, because data is ruined and has no backup. At present, information security is more than preventing viruses and hackers. In order to shelter an organization's property from varied attacks, it is important to protect all kinds of information assets well. Even if a multi-layer protection framework for information security can block attacks from the external network, how should precautions be taken against internal network attacks and man-made information incidents? Because of the uncertainty of information security, we need to think carefully about how to create a high-efficiency but low-risk information environment, and the information security management standard we follow gives our organization effective assurance. Under the criteria of ISO 27001, we hope to build a safe information operating environment for our organization. This research is based on ISO 27001 and studies current information security management in a government institute. As ISO 27001 includes 11 items, this research also tries to find out how three factors - policy, staff and management - influence the Information Security Management System. Meanwhile, this research attempts to analyze the differences between administrators and end users of the government institute by way of interviews.


