  • Thesis

A Study on the Current Status of ISO/IEC 27001:2005 Information Security Management in the Banking Industry: A Case Study of T Bank

A Study on the ISO 27001:2005 in Banking: Current Status of Information Security Management - A Case Study of T Bank

Advisor: 周惠文

Abstract


In a highly competitive environment, banks depend ever more heavily on information systems. As information security incidents continue to occur, following a well-defined Information Security Management System (ISMS) becomes an essential part of putting information security into practice. This study takes a case bank as its research subject and uses an ISO 27001-based questionnaire to survey which of the 133 controls are most critical for the bank. It also surveys employees' perceptions, after the organization introduced the ISMS, of how much the ISMS helps information security and how it affects administrative efficiency. The results identify 10 key controls for the bank: 1 in the "Human Resources Management" domain; 2 each in the "Security Policy", "Organization of Information Security" and "Physical and Environmental Security" domains; and 3 in the "Communications and Operations Management" domain. When introducing an ISMS, a bank can therefore concentrate on these controls and allocate more resources to them. The study also finds that introducing an ISMS not only benefits information security but also has no negative effect on administrative efficiency. Banks that have not yet adopted an ISMS are therefore advised to evaluate the feasibility of doing so carefully in order to strengthen organizational information security. In addition, respondents' attitudes toward "the degree to which the ISMS helps organizational information security" may differ according to department and job grade, so an organization can also take the characteristics of different groups into account when introducing an ISMS and propose corresponding measures.

Parallel Abstract (English)


In a highly competitive environment, banks rely more and more on information systems. However, with increasing information security incidents, it is very important for banks to follow a well-defined information security management system (ISMS). This research takes a bank as the case study. The researcher wants to find out the most important controls among the 133 controls, based on a questionnaire derived from ISO 27001. Besides, this study also wants to find out whether implementing an ISMS helps information security and how it affects administrative efficiency, as perceived by staff. This study finds that there are ten key controls for the bank: one from human resources security; six from security policy, organization of information security, and physical and environmental security; and three from communications and operations management. As a result, when implementing an ISMS, banks should put more emphasis and human resources on those related measures. What's more, this study also finds that implementing an ISMS not only helps information security but also has no negative effect on administrative efficiency. As a result, the researcher suggests that banks which have not implemented an ISMS could take the possibility of implementing one into serious consideration to reinforce the information security of the organization. Besides, the attitude of respondents towards "the level to which the ISMS helps the information security of banks" differs across departments and job grades. Therefore, an organization could take this into consideration when implementing an ISMS and work out corresponding solutions.


Cited by


李沛倫 (2016). A Study of an Assistance System for Assessing Information Security Audit Operations [Master's thesis, 淡江大學]. Airiti Library. https://doi.org/10.6846/TKU.2016.00872
林宇溱 (2015). Key Success Factors in Introducing ISO 27001 into Information Security Policy [Master's thesis, 中原大學]. Airiti Library. https://doi.org/10.6840/cycu201500619
翁加偉 (2014). The Impact of the Personal Information Protection Act on Organizations and Their Responses: A Case Study of S University [Master's thesis, 國立中央大學]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0031-0412201511590247
陳維揚 (2016). Exploring Hospital Information Security Systems with ISO 27001 [Master's thesis, 國立中正大學]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201614042653
謝勝文 (2016). Understanding the Intention to Comply with Information Security Policy: Sanctions, Social Influence, Perceived Value and Security Climate [Master's thesis, 國立中正大學]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201614063666
