This study hope that the case company integrated pilot units (hypermarkets, department) into the experience of ISO 27001, through expert interviews and the use of level analysis to determine the establishment of information security risk management systems (Information Security Management System, ISMS) all risk property factor to identifyimportant factor to the expectations of other departments of the case enterprises import operations, experience and suggestions direction. First of all, for import the ISO 27001 of the pilot unit to conduct the questionnaire survey, summed up the import ISO 27001 of the key factors and assessment framework, and then through the hierarchy analysis method (Analytic Hierarchy Process, AHP) analysis of each risk factor relative the right weight, By the risk factors of sort of exploring the great importance to the degree of ISO 27001. Expectations through the analysis of results of this study, as other departments of the case company to import the information security risk management system of decision-making reference to enhance the import of the effectiveness of information security management. The final study summed up the top five important risk attributes, as "evidence collection", "user password management, report information security incidents, organizational decision-makers practical support and network control operations, as other departments, the implementation of information security risk management reference.