  • Thesis

A Study of the Implementation Map of Information Security Systems

A study for the implementation map of information security management system


Abstract


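With the rapid growth of Internet technology and the e-commerce market, enterprises' demand for information technology increases day by day. Yet the information security problems that come with it, such as viruses and hacker intrusions, have no corresponding solution. Besides enterprises' insufficient knowledge of information security, the lack of a complete information security implementation framework and systematic steps is also a main cause.

To resolve this predicament, this study refers to the BS7799 system and uses the PDCA management cycle as its basis to grasp the important dimensions and items of an information security system. Next, using techniques such as the focus group interview and the Delphi method, in-depth expert interviews were conducted to confirm the necessity, causal relationships, and assignment of responsibility of these items. In addition, this study uses descriptive statistics (Frequency Analysis) to confirm the degree of importance attached to each item, in order to streamline the items within each dimension, and applies the Fuzzy Delphi Method to confirm the stability of the process of establishing the implementation framework and causal relationships. Finally, this study uses the above results to propose, from management and technical viewpoints, an implementation map for the information security management system.

We believe the implementation map proposed in this study will help enterprises grasp the causal relationships and differences in importance among the dimensions and items of an information security system, thereby improving completeness in the process of building the system. In addition, enterprises can reduce exploration time and the likelihood of failure through this systematic implementation procedure.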

Keywords

No data

Parallel abstract


As the Internet and e-commerce markets have matured, enterprises' demand for information technology has become important. But there is currently no corresponding solution to information security problems such as viruses and hacker intrusion. Apart from the fact that the implementation framework and systematic steps are not yet perfected, the main reason is that most enterprises lack knowledge of information security management systems (ISMS). To resolve this awkward situation, this article consults the BS7799 system and builds on the PDCA management cycle to master the important domains and items of ISMS. Then, in order to confirm the necessity and the causality of each item, we carried out in-depth expert interviews through the focus group interview and the Delphi method. Meanwhile, this article also used fuzzy theory and Frequency Analysis to represent the differences in importance of each domain/item. Finally, we combine many scholars' ISMS frameworks and set up the implementation map of ISMS from the management and technological points of view. We believe this implementation map can assist enterprises in controlling the causality and the differences in importance and improve the completeness of ISS. Therefore it can enhance enterprises' ability to structure the implementation procedure.

Parallel keywords

No data
