Bring Your Own Device (BYOD), cloud drive and cloud services applications are becoming increasingly diverse in new technology innovation. Due to advances in network and information technology , that we can quickly and easily obtain the required information, but also because of this convenience of no safety cognition and defenses, is easy for us exposed to new information security risk. Because information security incident caused not only the loss of the organization's financial side, and will affect the brand image of the organization, even affecting the sustainable operation of the organization. So how to protect the security of information assets, avoid improper use or damage or theft, is the organization has to pay attention to issues. Although information security management can allow enterprises to avoid incalculable loss, but everything has management of action, always lose convenience. When implementing the information security management on the small and medium-sized enterprises, often found on the entire system access becomes cumbersome, thus causing more trouble and users complaining. While security has improved, but convenience has dropped significantly, convenience has resulted in slower processing speed, which affects system performance or individual performance problems. Implementation of information security management, although can allow enterprises to avoid business losses, but what influence on the entire enterprise information system? Therefore, this study based on "ISO 27001, CNS27001 information security management " and "D & M Information System Success Model" and "The Technology Acceptance Model (TAM)" theoretical to three dimensions of "information security management" and "system characteristics " and "staff awareness ", to discussion in the "Information System Benefits" of the implementation of information security management for small and medium-sized enterprise. This research has been targeted at small and medium-sized enterprise in implementing information security management. Data collection via questionnaires way to verify mode. A total of 497 questionnaires distributed, 102 valid questionnaires were real, effective response rate was 20.5%. The results showed that: 1. Information security management on system characteristics dimensions (information quality, system quality, service quality) and staff awareness (perceived usefulness, perceived ease of use) dimensions are significant affect. 2. Staff awareness (perceived usefulness, perceived ease of use) have a significant affect on information systems benift. 3. System characteristics dimensions (information quality, system quality, service quality) has no significant affect on information systems benift, but also in the path of information quality and system quality to information systems benift is negative, showing its benefit may be a reverse effect.