
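The Impact of Enterprises Implementing an Information Security Management System from the Viewpoint of Information Professionals: The Case of the Financial Industry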

A Study of the Viewpoint on Information Professional for Business Implementing the Information Security - Based on Financial Industry of Taiwan

Advisor: 蕭瑞祥

Abstract


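Information security is without doubt the area the financial industry values most today. With advances in information technology, improvements in personal computer technology, and the rapid sharing of hacking techniques, enterprises are run ragged trying to prevent and resolve information security problems; information security is no longer a label with which an enterprise displays added value to the outside world, but basic equipment inside the enterprise. Losses caused by information security problems have already hit the financial industry's revenue hard, so the industry has raised the share of its spending on information security year after year, yet security problems keep emerging. These problems have gradually shifted from external attacks in the past to theft through improper conduct by insiders. The economic recession triggered by the financial crisis has led many companies to cut staff sharply since the past year; not only has information manpower been tightened, but departing employees take confidential company data with them when they leave, and many of them will use that data at their new companies, which greatly affects enterprises' competitiveness and operations. Enterprises have therefore strengthened their demand for information security; combined with the rapid evolution of technology, the workload of information professionals keeps growing and their mental stress multiplies. As these two factors feed on each other in a cycle, the effectiveness with which enterprises carry out information security work will decline.

Taking ISO27001 as its basis, this study examines how, after the financial industry implements an information security management system, the organizational characteristics, job characteristics, and personal characteristics of information professionals relate to their views on, and the effects on, the necessity of implementing security policies, the degree of change in workload, and the actual improvement of information security. Data were collected by questionnaire; financial professionals assisted with a two-stage questionnaire design and pretest, and the data were analyzed with descriptive statistics, analysis of variance (One-way ANOVA), and analysis of means. The results show that, after an enterprise implements information security, information professionals' "company industry", "company size", and "education" differ significantly on the "degree of necessity of implementation"; "company industry", "whether the company has obtained ISO27001", "nature of work", and "gender" differ significantly on the "degree of change in workload" after implementation; and "company size" and "education" differ significantly on the "degree of information security improvement". Moreover, across all security clauses except "asset management", information professionals rate the "degree of necessity of implementation" higher than the "degree of information security improvement", and higher still than the "degree of change in workload".

It is hoped that, for the security policies enterprises implement in future, the recommendations of this study can be used to analyze the clauses that information professionals regard as necessary to implement and as actually improving information security, so as to help enterprises consider how to allocate their security budget and manpower, identify the causes of increased workload, improve operating procedures, and seek supporting measures, thereby lightening the workload, putting security policy into practice, and achieving twice the result with half the effort.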

Keywords

Information security; ISO27001; information professionals

Parallel Abstract


Information security is without doubt the most important concern of the financial industry today. With the progress of information technology, improvements in computer technology, and the rapid spread of hacking skills, enterprises are constantly busy solving information security problems. Information security is no longer a label with which enterprises show their added value, but basic equipment within the enterprise. The income of the financial industry is affected by the losses that information security problems cause. The financial industry therefore increases the proportion of its information security expenditure year by year, yet more and more information security issues arise. These issues have shifted from external attacks to theft by internal employees. The economic recession caused by the financial crisis has led enterprises to lay off employees since last year. It has also caused a shortage of information manpower and, even worse, departing employees carry their employer's confidential information away. Some of them then use the stolen data at their new companies. This has a huge impact on enterprises' competitiveness and operations. Enterprises have therefore strengthened their demand for information security. Along with the progress of information technology, information professionals' workloads and mental pressure have multiplied. As these two factors interact, the efficiency of information security work declines.

This research, based on the ISO27001 standard, discusses the viewpoints and influences, in the financial industry, of information professionals' organization types, position types, and personal characteristics on the necessity of information security policies, the extent of increasing workloads, and the level of improvement in information security after implementing information security management systems. The data were collected with a questionnaire proposed by this research, with financial professionals assisting in a two-phase design and pretest, and were analyzed with statistical methods such as descriptive statistics, One-way ANOVA, and analysis of means. The results show that, after information security policies are implemented, there are significant differences among information professionals: "The Company's Industry", "The Company's Size", and "The Educational Background" show significant differences on the factor "Whether the Company Needs to Implement Information Security Policies Or Not"; "The Company's Industry", "If the Company Gets an ISO27001 Standard", "The Job Type", and "The Gender" show significant differences on the factor "The Extent of Increasing Workloads"; and "The Company's Size" and "The Educational Background" show significant differences on the factor "The Extent of Improvements of Information Security". In addition, information professionals commonly agree that "Whether the Company Needs to Implement Information Security Policies Or Not" is more important than "The Extent of Improvements of Information Security", and much more important than "The Extent of Increasing Workloads", for all information security items except "The Assets Management".

This research expects that enterprises implementing information security policies will consider its results and its analysis of the items that information professionals agree need to be implemented and can actually improve security. Enterprises that use these results to determine appropriate information security budgets and human resources, and to find the reasons for increased workloads, can improve their operating processes and seek accompanying measures to lighten the burden of related jobs, so that they can implement information security policies properly and gain more benefits and rewards.


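Cited by

陳盈成 (2012). A Study of Information Security Management in Foreign Banks: The Case of Bank A [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2012.00303
王偉全 (2013). Development and Implementation of an Ontology-Based Information Security Document Management System: An Empirical Case Analysis of a National Armed Forces Unit [Master's thesis, National Pingtung University of Science and Technology]. Airiti Library. https://doi.org/10.6346/NPUST.2013.00087
涂國慶 (2011). A Study of Applying Business Intelligence to Network Security [Master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-3001201315111712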
