Degree thesis

A Study for Preventing Social Engineering Attack Types

Advisor: 方仁威, Ph.D.

Abstract

In recent years, the widespread adoption of the Web 2.0 concept has made the audio, video and multimedia content presented on web pages more diverse, interactive and rich. Social networking sites are currently very popular: community sites such as Facebook, Plurk, Twitter, Wretch (無名小站), Xuite and Yam Blog, together with virtual community tools such as MSN, Yahoo! Messenger, Skype, mobile phones and email, have an influence that cannot be underestimated. According to ComScore statistics through the end of 2011, about 794 million people visit Facebook each month, and each spends an average of 377 minutes, that is, more than 6 hours, on social networking sites. Recently, the National Police Agency's 165 anti-fraud hotline has found that several social engineering attacks conducted through social networking sites have occurred in succession. With the rise of the Internet, social engineering attacks, which formerly took the form of email, have evolved into attacks centred on social networking sites, and these cases keep appearing in new forms. If we do not face this type of attack squarely and strengthen the supporting measures of information security management, similar information security incidents will keep recurring, their impact will continue to spread, and the resulting losses and harm will be incalculable.

This study examines the types of social engineering attack associated with social networking sites, investigating and comparing such information security incidents using the case analysis method. It also examines the controls related to social engineering attacks in the international ISO/IEC 27001 information security management standard, combined with the standard operating procedure for information security incident management in ISO/IEC TR 18044, and applies the AS/NZS ISO 31000 risk management principles and guidelines to measure the impact and likelihood of risks and to establish complete assessment and treatment steps, so that the occurrence of such information security incidents can gradually be reduced and the repeated recurrence of social engineering attacks curbed.
