  • Thesis

A Study on Overall Enterprise Information Security Architecture -- Using the Windows System Platform as an Example

A Study on the Architecture of Enterprise Information Security - Case Studies of the Windows System Platform

Advisor: 林永松


With the push of governments and commercial demand around the world, computer use has spread ever more widely, and with the rapid growth of the Internet in recent years computers have entered everyone's life and become an indispensable everyday tool. The Internet, as a huge platform for messaging and transactions, brings unlimited business opportunities and convenience, but new threats come with it: over the past few years information security incidents have occurred one after another and risen year by year, and the losses they cause keep growing. In today's network environment, enterprises face the same serious information security threats.

Unfortunately, today's enterprise computing environment is very different from that of the past. It has shifted from a centralized computing environment to a distributed one; smaller departmental systems have replaced the mainframe systems of earlier days, and because the environment is dispersed, enterprise IT environments are far more complex than before. Since Microsoft released the Windows 95 operating system in 1995, its simple user interface and built-in networking functions have kept the learning cost for users low, and it was widely accepted; in the following years, with Microsoft continually releasing and promoting new products, the Windows system platform gained a very high share of the global personal computer market, and for this reason it became the main target of attacks. Over the past two years virus attacks against the Windows system platform have occurred one after another, and enterprises without adequate protection have suffered heavy losses; because of its usage rate, the security of the Windows system platform is now more important and more closely watched than ever.

This study takes enterprise information security solutions as its topic, with the Windows system platform as its main focus, and uses risk management and assessment methods to construct an overall enterprise information security solution. Over the past year Microsoft has put much effort into information security; besides improving its products it has provided a great deal of practical guidance on maintaining information security. Maintaining information security requires people, processes and technology working together. Whatever system platform is used today, if an enterprise has the right information security concepts, applies a risk management process, understands the security threats and risks its IT environment faces, and adopts appropriate defensive measures combined with the system hardening methods and the security patch management processes and technology that Microsoft recommends, many information security problems can be avoided. Of course no security protection is ever 100% secure, but with appropriate defensive measures the damage can be kept under control, and together with emergency response measures and a disaster recovery plan, the enterprise's information security goals can be reached on the Windows system platform as well.


Government and commercial demand have driven the spread of computing worldwide, and the rapid growth of the Internet has made the computer a necessity in everyone's daily life. However, the business opportunities and convenience brought by the Internet's massive messaging and trading platforms are accompanied by new threats and the potential for ever greater damage. In this Internet environment, businesses face serious information security threats. The computing environment of a business today differs from that of the past in that it has been transformed from a centralized environment into a distributed one. The mainframe system has been replaced by many smaller departmental servers, and the IT environment is thus becoming more complicated. Since the Microsoft Windows 95 system came to market in 1995, its simple user interface, built-in functions and low learning cost have made computers widely accepted. The Windows system platform's market share was further increased by the availability of new products and consistent promotion by Microsoft. These factors have made the Windows system platform a main target for attack. In the past few years there have been numerous viruses aimed at the Windows platform, and businesses without appropriate protection have suffered heavily. The importance of the security of the Windows platform has thus increased in light of its wide usage. This thesis primarily addresses information security solutions for businesses, and the research focuses on establishing an overall information security solution on the Windows system platform by means of a risk management and assessment approach. In the past year, Microsoft has made a great deal of effort in the field of information security, and in addition to product improvements has provided many solutions related to information security.
Achieving information security requires the combination of personnel, procedures and technology. If an enterprise has accurate information security knowledge, applies risk management procedures, understands the security threats and risks faced by its IT systems, and adopts appropriate defense measures in combination with system hardening and security patch management procedures and technology, many information security problems can be avoided. There are no 100% safe protection measures, but appropriate defense measures can keep the damage under control. Combined with emergency response measures and a disaster recovery plan, these are the means to achieve the goal of business information security even on the Windows system platform.
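The risk management and assessment step the abstract relies on (rank the threats to each asset, then choose countermeasures such as patch management or host hardening only where they cost less than the loss they prevent, and accept the residual risk otherwise) is shown below as an added worked example. It is not code from the thesis; it implements the standard annualised-loss-expectancy model (SLE = asset value x exposure factor, ALE = SLE x ARO, net benefit = ALE before minus ALE after minus annual safeguard cost), and every asset value, frequency and cost in it is a constructed illustrative figure.

```python
"""Quantitative risk assessment and safeguard selection.

Added worked example (not code from the thesis). Model:
    SLE = asset_value * exposure_factor
    ALE = SLE * ARO
    net_benefit(safeguard) = ALE_before - ALE_after - annual_cost
All figures below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str
    asset_value: float       # business value of the asset (currency units)
    exposure_factor: float   # fraction of asset value lost per incident, 0..1
    aro: float               # annualised rate of occurrence (incidents/year)

    def sle(self) -> float:
        """Single loss expectancy: loss from one incident."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    threat: str              # name of the Threat this safeguard addresses
    annual_cost: float       # licences, staff time, hardware per year
    aro_reduction: float     # fraction by which the safeguard cuts ARO, 0..1
    ef_reduction: float      # fraction by which it cuts the exposure factor, 0..1


def residual_threat(t: Threat, s: Safeguard) -> Threat:
    """The same threat after the safeguard is in place."""
    return Threat(t.name, t.asset, t.asset_value,
                  t.exposure_factor * (1 - s.ef_reduction),
                  t.aro * (1 - s.aro_reduction))


def net_benefit(t: Threat, s: Safeguard) -> float:
    """Annual loss avoided minus what the safeguard costs per year."""
    return t.ale() - residual_threat(t, s).ale() - s.annual_cost


def rank_threats(threats: list[Threat]) -> list[Threat]:
    """Highest expected annual loss first: this is the treatment order."""
    return sorted(threats, key=lambda t: t.ale(), reverse=True)


def select_safeguards(threats: list[Threat],
                      safeguards: list[Safeguard]) -> dict[str, tuple[Optional[str], float]]:
    """For each threat pick the safeguard with the largest positive net
    benefit. A threat whose safeguards all cost more than they save is
    accepted as residual risk and mapped to (None, 0.0)."""
    plan: dict[str, tuple[Optional[str], float]] = {}
    for t in threats:
        candidates = [(net_benefit(t, s), s) for s in safeguards if s.threat == t.name]
        best = max(candidates, key=lambda c: c[0], default=None)
        if best is None or best[0] <= 0:
            plan[t.name] = (None, 0.0)
        else:
            plan[t.name] = (best[1].name, best[0])
    return plan


# Constructed sample data (hypothetical assets, threats and controls).
THREATS = [
    Threat("worm exploiting unpatched network service", "file server", 200_000, 0.5, 2.0),
    Threat("password guessing against domain accounts", "domain controller", 500_000, 0.3, 0.5),
    Threat("disk failure", "file server", 200_000, 0.2, 0.1),
]
SAFEGUARDS = [
    Safeguard("patch management process", "worm exploiting unpatched network service", 30_000, 0.9, 0.0),
    Safeguard("host firewall on servers", "worm exploiting unpatched network service", 10_000, 0.5, 0.5),
    Safeguard("account lockout and password policy", "password guessing against domain accounts", 5_000, 0.8, 0.0),
    Safeguard("hot standby server", "disk failure", 20_000, 0.0, 0.9),
]


if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.ale():>10,.0f}/yr  {t.asset}: {t.name}")
    for threat, (control, benefit) in select_safeguards(THREATS, SAFEGUARDS).items():
        action = f"deploy '{control}' (net benefit {benefit:,.0f}/yr)" if control else "accept residual risk"
        print(f"{threat}: {action}")
```

With these figures the worm threat dominates the ranking, the patch management process is chosen over the host firewall because it avoids more annual loss net of its cost, and the hot standby server is rejected because it costs more per year than the disk-failure loss it would prevent, which is the "accept" branch of the risk management process.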

