Thesis

Design and Implementation of a Host Security Audit Tool (主機安全稽核工具之設計與實現)

Design and Implementation of a Host Audit Tool

Advisor: 洪智力

Abstract


The growth of the Internet and rapid advances in information technology have made daily life more convenient, but they have also produced a wide range of information-security-related computer crime and risk, affecting individuals, organizations and even nations to varying degrees. How to protect, control and maintain the availability of information has therefore become a critically important issue. To manage these tangible and intangible assets in a more orderly and efficient way, the British Standards Institution (BSI) published BS 7799 in 1995, a systematic method for analysing and managing information security risk; it is the predecessor of ISO/IEC 27001, today the most widely adopted information security management system standard. To broaden the scope of information security, ISO later developed it into the ISO/IEC 27000 series, which includes ISO/IEC 27001, 27002, 27003 and 27004, among others. To keep pace with trends and changes in information security, the revised ISO/IEC 27001:2013 increased the number of control domains in Annex A from 11 to 14. Auditors of host equipment (servers, desktops and notebooks) currently lack a reasonably comprehensive audit tool to support risk assessment during an audit, and not every auditor has information security experience, so audits may be incomplete. This study therefore takes the controls of four ISO/IEC 27001:2013 domains, Access control, Cryptography, Operations security and Communications security, as its guideline and designs and implements a systematic host security audit assistant tool, so that auditors can quickly obtain the information that may affect host security through a systematic procedure. The detected results can further be used to require the responsible staff to adjust and remediate the shortcomings found. Through this system, auditing host equipment (notebooks, desktops and servers) becomes more reliable and convenient.

Abstract (English)


The rapid development of the Internet and progress in information technology have brought convenience to daily life, but they have also given rise to many information-security-related computer crimes and risks, whose impact reaches individuals, organizations and countries to different extents. How to properly protect, control and maintain the availability of information has become a very important issue. Hence, in order to manage important tangible and intangible assets in a more organized and efficient manner, the British Standards Institution (BSI) proposed BS 7799 in 1995 as a method for the systematic analysis and management of information security risk; BS 7799 is the predecessor of ISO/IEC 27001, the information security management system standard now widely used internationally. To expand the scope of information security, the International Organization for Standardization (ISO) developed it into the ISO/IEC 27000 series of standards, including ISO/IEC 27001, 27002, 27003, 27004 and so on. In particular, in response to trends and changes in information security, the new ISO/IEC 27001:2013 revised the original 11 Annex A control domains into 14. Since auditors of host equipment (servers, desktop computers and notebook computers) still lack a comprehensive auditing tool to assist risk assessment during the audit process, and since not all auditors have information security experience, audits may be inadequate. Therefore, the controls of four ISO/IEC 27001:2013 domains, namely Access control, Cryptography, Operations security and Communications security, served as the guidelines in this study for designing and developing a systematic host security auditing assistant tool that enables auditors to rapidly acquire information related to host security through systematic operations.
In addition, based on the audit results, the relevant staff can be required to make subsequent adjustments and improvements to remedy the inadequacies found. Finally, this system enables auditors to audit host equipment (notebook computers, desktop computers and servers) more reliably and conveniently.
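The abstract describes the tool only at the level of its four ISO/IEC 27001:2013 domains. The following is an added illustration, not the thesis's own tool or code, of what such a host audit looks like in practice: each check reads a host setting, decides pass or fail, and records the Annex A control it maps to (A.9.4.2 Secure log-on procedures, A.9.4.3 Password management system, A.10.1.1 Policy on the use of cryptographic controls, A.12.4.1 Event logging, A.13.1.1 Network controls), so that the report an auditor hands to the system owner already names the control that needs remediation. The inputs are constructed samples standing in for a Linux host's sshd_config, login.defs and `ss -ltnp` output; the thresholds (minimum password length, maximum password age, the weak-cipher and cleartext-service lists) are assumed audit-policy values chosen for the example.

```python
"""Minimal host-audit check engine mapped to ISO/IEC 27001:2013 Annex A domains.
Added example; not the thesis's tool. Inputs and thresholds are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Finding:
    control: str    # Annex A control identifier, e.g. "A.9.4.2"
    domain: str     # Annex A domain (one of the four scoped by the thesis)
    check: str      # what was tested, in the words of the report
    passed: bool
    evidence: str   # the raw setting the verdict rests on


# Constructed sample inputs standing in for files and command output
# collected from the audited host (not real data).
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
LogLevel QUIET
Ciphers aes128-ctr,aes256-ctr,3des-cbc
"""

SAMPLE_LOGIN_DEFS = """\
# login.defs (constructed sample)
PASS_MAX_DAYS   99999
PASS_MIN_LEN    5
ENCRYPT_METHOD  SHA512
"""

# (protocol, port, program) tuples as an auditor would copy from `ss -ltnp`
SAMPLE_LISTENERS = [("tcp", 22, "sshd"), ("tcp", 23, "telnetd"), ("tcp", 443, "nginx")]

# Assumed audit-policy thresholds for this example, not figures from the thesis.
MIN_PASSWORD_LEN = 8
MAX_PASSWORD_AGE_DAYS = 365
WEAK_SSH_CIPHERS = {"3des-cbc", "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc"}
STRONG_HASHES = {"SHA256", "SHA512", "YESCRYPT"}
CLEARTEXT_SERVICES = {21: "ftp", 23: "telnet", 69: "tftp", 513: "rlogin"}


def parse_kv(text: str) -> Dict[str, str]:
    """Parse 'Key value' lines (sshd_config / login.defs style).
    Comments and blank lines are skipped; keys are lower-cased."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def audit_host(sshd_config: str, login_defs: str,
               listeners: List[Tuple[str, int, str]]) -> List[Finding]:
    """Run one check per control and return the findings in report order."""
    ssh = parse_kv(sshd_config)
    defs = parse_kv(login_defs)
    findings: List[Finding] = []

    # A.9 Access control: OpenSSH >= 7.0 defaults PermitRootLogin to prohibit-password
    root = ssh.get("permitrootlogin", "prohibit-password").lower()
    findings.append(Finding("A.9.4.2", "Access control", "root login over SSH is disabled",
                            root in ("no", "prohibit-password"), f"PermitRootLogin {root}"))
    min_len = int(defs.get("pass_min_len", "0"))
    findings.append(Finding("A.9.4.3", "Access control", f"minimum password length >= {MIN_PASSWORD_LEN}",
                            min_len >= MIN_PASSWORD_LEN, f"PASS_MIN_LEN {min_len}"))
    max_days = int(defs.get("pass_max_days", "99999"))
    findings.append(Finding("A.9.4.3", "Access control", f"password expiry <= {MAX_PASSWORD_AGE_DAYS} days",
                            max_days <= MAX_PASSWORD_AGE_DAYS, f"PASS_MAX_DAYS {max_days}"))

    # A.10 Cryptography: legacy SSH ciphers and weak local password hashing
    ciphers = {c.strip().lower() for c in ssh.get("ciphers", "").split(",") if c.strip()}
    weak = sorted(ciphers & WEAK_SSH_CIPHERS)
    findings.append(Finding("A.10.1.1", "Cryptography", "no weak SSH ciphers enabled",
                            not weak, f"weak ciphers: {', '.join(weak) or 'none'}"))
    hash_alg = defs.get("encrypt_method", "DES").upper()
    findings.append(Finding("A.10.1.1", "Cryptography", "local password hashes use a strong algorithm",
                            hash_alg in STRONG_HASHES, f"ENCRYPT_METHOD {hash_alg}"))

    # A.12 Operations security: log-on events must be logged (sshd default is INFO)
    level = ssh.get("loglevel", "INFO").upper()
    findings.append(Finding("A.12.4.1", "Operations security", "SSH log-on events are logged",
                            level in ("INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"),
                            f"LogLevel {level}"))

    # A.13 Communications security: no cleartext remote-access protocols listening
    cleartext = [f"{prog}/{port}" for _proto, port, prog in listeners if port in CLEARTEXT_SERVICES]
    findings.append(Finding("A.13.1.1", "Communications security", "no cleartext services listening",
                            not cleartext, f"listening: {', '.join(cleartext) or 'none'}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, Tuple[int, int]]:
    """Per-domain (passed, total) counts for the audit report."""
    out: Dict[str, Tuple[int, int]] = {}
    for fd in findings:
        p, t = out.get(fd.domain, (0, 0))
        out[fd.domain] = (p + int(fd.passed), t + 1)
    return out


if __name__ == "__main__":
    results = audit_host(SAMPLE_SSHD_CONFIG, SAMPLE_LOGIN_DEFS, SAMPLE_LISTENERS)
    for fd in results:
        print(f"[{'PASS' if fd.passed else 'FAIL'}] {fd.control:9} {fd.domain:24} {fd.check} ({fd.evidence})")
    for domain, (p, t) in summarize(results).items():
        print(f"{domain}: {p}/{t} checks passed")
```

On the constructed sample the tool reports six failures and one pass: root SSH login, the 5-character minimum, the never-expiring passwords, the 3DES cipher, the silenced sshd log and the listening telnet daemon each fail under their control, while the SHA-512 password hashing passes. The value of carrying the control identifier in each finding is that the remediation request sent to the system owner cites A.9.4.2 or A.13.1.1 directly, which is the link between the host-level check and the ISO/IEC 27001 audit the thesis is supporting.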
