  • Degree thesis

Self-organizing Maps (SOM) for the Visualization of Information Security

Advisor: 洪智力

Abstract


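Information technology is applied deeply and broadly, and network services are diversifying; storage media offer ever larger capacity in ever smaller physical sizes; and the cloud concept is developing rapidly and has become the focus of the information industry. These factors give rise to more information security concerns that urgently need the attention of those who use information technology. However, company IT staff often find it difficult to make progress when introducing information security solutions or equipment. This study therefore uses the comprehensive ISO27001 information security management standard to conduct a questionnaire survey of electronics-industry companies of different size tiers, and then applies self-organizing map (SOM) networks to cluster and visualize the questionnaire data. The expected output is an information security map that lets information security decision makers understand, in an easy-to-grasp and persuasive way, how sound their company's information security is, as a basis for deciding whether to push for stronger information security. The 133 controls of ISO27001 cover the full range of information security, but because the items are so numerous and complex, the soundness of a company's information security cannot be read directly from them. This study uses the 11 domains, 39 control objectives and 133 controls of ISO27001 as dimensions to produce three clustering maps whose results differ slightly, and defines and describes the characteristics of each cluster. Through such maps, it is hoped that other companies can assess their own information security status more efficiently.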

Parallel Abstract


Information technology is applied widely, and internet services are diversifying. Storage capacity keeps increasing while the physical size of storage keeps decreasing. Cloud computing is developing significantly and is becoming the focus of the IT industry as well. Because of these factors, there are more and more concerns about information security, which operators of information technology need to take seriously. However, information technicians run into many difficulties in promoting information security management systems when they implement information security solutions and equipment. ISO 27001 generally plays a very important role in monitoring, reviewing, maintaining and improving an information security management system. The data for this study was derived from questionnaires completed by IT organizations, and a SOM (Self-Organizing Map) was used to produce possible information security maps. As a result, the outcome of the study would assist decision makers in IT enterprises in understanding the importance of a standard information security policy and how to shape it to the organization's requirements. The 133 controls of ISO 27001 cover information security comprehensively, but because the items are so numerous and complex, it is hard to judge the soundness of a company's information security directly from them. This research proposes three differing clustering maps built from the 11 domains, 39 control objectives and 133 controls of ISO 27001, to help other companies improve the efficiency of their information security management.
