  • Degree thesis

Exploring how organizations implement ISO 27001: a study of security incidents arising from data breaches

The implementation of Organization for ISO 27001 - A Case study for information incident derived from divulge personal information

Advisor: 徐國鈞

Abstract


Information security incidents are reported constantly in the online world, and for organizations they have become a security problem that can no longer be ignored. Which hardware to purchase or which information security management measures to strengthen within a limited budget, and how to reduce the information security risk of data breaches through effective management policies, actions and budgets so that the damage to the organization stays within an acceptable range: these are major questions every organization now faces. ISO 27001 is a comprehensive international standard for information security management systems that helps organizations reduce the damage caused by security vulnerabilities and prevent potential risks in advance. Because the ISO 27001 specification is so extensive, with 11 domains, 39 control objectives and 133 controls, some organizations have difficulty implementing it. This study therefore takes the data breach cases that occur most often in organizations, classifies, analyzes, tallies and summarizes them against the clauses of ISO 27001, identifies the controls that were violated so that they can be strengthened and guarded against, and recommends how to improve risk control, with the aim of exploring, through these cases, how organizations can effectively reduce the damage that information security risks cause.

Abstract (English)


Information security incidents are increasing, and they are a severe problem that cannot be ignored. Hardware facilities and information security management should be improved to reduce information security risks effectively, and budget restrictions and information security needs must be weighed together to obtain the greatest benefit. To effectively reduce the information security risks caused by the network, the factors to consider are management policy, behavior and budget, so that the damage stays within an acceptable range. These are the major issues currently faced in information security. ISO 27001 is an Information Security Management System (ISMS) standard that prevents information security damage and potential risks. ISO 27001 specifies 11 areas, 39 control objectives and 133 controls, which increases the implementation difficulties for organizations. Thus, this study proposes using the ISO 27001 standard to analyze many different information security cases for common information security problems. Based on the items identified in these cases, suggestions are given to strengthen information security risk management. This study proposes to decrease information security risks effectively under a limited budget.

Cited by


郭松霖 (2011). Information security visualization using Self-Organizing Maps (SOM) [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840/cycu201100832
王偉全 (2013). Development and implementation of an ontology-based information security document management system: an empirical case study of a military unit [Master's thesis, National Pingtung University of Science and Technology]. Airiti Library. https://doi.org/10.6346/NPUST.2013.00087