The progress and popularization of information technology, business use of information systems and rely on increasingly high level of information, business information systems used to replace repetitive manual tasks, become competitive weapon subsequently. Enterprises to use the convenience of information technology, but also prevent information leakage caused by the competitive threat, so the information security 』『 organization is an important issue can not be ignored. How companies make the best use of resources, effective implementation of information security policy and management, is the challenge of the project organization subsequently. Security specification was first proposed by the British National Standards Institute (British Standards Institute, BSI) in 1995 proposed Information Security Management System BS7799 (ISMS ︰ Information Security Management System) is to BS7799 Part I, in June 2005 to become ISO / IEC 17799 ︰ 2005 International Standard, BS7799 Part II in October 2005 by the International Organization for Standardization (ISO) formally adopted as ISO / IEC 27001 Information Security Management System ︰ 2005 standard, is now the most recognized by the international community and adopt the information security management standards. In this study, case study, the use of in-depth interviews and questionnaire survey, case discussion, Information Security Management System (ISMS ︰ Information Security Management System) and get information security certification, induction into the enterprise information security system of risk assessment of information assets Elements of the resistance faced by users of the benefits and differences between before and after import. Can be used as a reference for other enterprises to import and shorten the time of import process. And achieve continuous improvement requirements through the PDCA (Plan, Do, Check, Action) management cycle.