在資訊科技爆炸時代，資訊安全管理系統已成為各組織營運之最優先考量因素；資訊安全漏洞將造成企業之危機，風險發生原因及其影響也將帶來革命性的變化，為求組織永續發展及營運安全，不斷資訊安全管理系統評估、預防管理及立即應變計畫乃必然之防範作為。本研究以實踐大學高雄校區ISO27001()系統認證為例，透過資管系受過ISO27001()稽核員訓練課程54()小時之同學為對象，進行問卷調查，運用投票式權重評選模式，評選「政策與規劃、執行與管理、檢查與矯正、管理審查」之ISO27001()認證關鍵成功因素，()排列優先順序，()做為企業或大學導入ISO27001()認證之參考。

In this era of information technology explosion, the information security management system (ISMS) assessment has become a top consideration of the organization operations considerations. The ISMS vulnerabilities will cause the enterprise crisis, the causes and impact of ISMS will also bring revolutionary change. This study is to use the ISO27001 certification to assess Shih Chien University Kaohsiung Campus. All students who attend the survey are the information management students with 54 hours in ISO27001 auditor course the voting-ranking model is used to evaluate and calculate the weights of critical success factors (CSF) for ISO27001 certification. Who study concludes with the rank so “policy and planning, execution and management, checking and correction, management reviews”.