1.0 Introduction Nowadays, information can be classified as valuable rather than gold because of its evidence of effectiveness rather than absurd words. According to the authors, security is the combination of systems, operations and internal controls to ensure the integrity and confidentiality of data and operational procedures in an organization. To ensure that the information is under control, an IT specialist has been created. Many people can access the Internet without any specific requirements, so plagiarism and theft of other information occur without the culprit being identified. The authors combined five related theories such as information policy theory, risk management theory, control and audit theory, management system theory and contingency theory. 2.0 Literature review2.1 Definitions and coverageThe definitions have been adopted by many authors on the basis of their research and opinions. Overall, the existing information security is to control the uploading information, ensure the confidentiality and accuracy of information, and cover the entire information security management.2.2 Theory of Information security policyAccording to the authors, there is no consistent security policy until now. but many authors have proposed to cover this phenomenon. The IT professional must have an idea of ​​these issues because the objective of information security management is based on planning, consensus building, organizing, drafting, implementing and revision. 2.3 Risk Management Theory Planning and investigation are necessary to detect risks, threats and vulnerability of the information system. The result is to control and cover the organization level. 2.4 Control and Audit Theory Information security management must recognize the type of risk that is middle of paper...... management is in demand within the organization. They can serve as a protection or wall against the misuse of valuable company information by people who have no right to it. But you need a strategy and guidelines to use it. In addition, the use of ISM can reduce the risk. Author Background Kwo-Shing Hong Department of Management Information System, National Cheng-Chi University and Department of Comprehensive Planning, Control Yuan of the Republic of China, Taiwan. Yen-Ping Chi Department of Management Information System, National Cheng-Cui University, TaiwanLouis R. ChaoInstitute of Management Science, Tamkang University and Control Yuan of Republic of China, TaiwanJin-Hsing TangTak Ming Collage, Taipei, Taiwan.Works CitedHong , K., Chi, Y., Chao, LR, & Tang, J. (2003). A theory of integrated information security management systems.Information management and computer security, 11(5), 243-248.