In the wake of the fast popularization of information and the rise of electronic commerce, information security is gradually gaining attention. How to perform the evaluation of the value of assets, how to perform the analysis of the risks associated with assets, and how to protect information assets fro sabotage, theft and tamper are currently the most important topics in the study of the management of information security. This research discusses the related standards of information security, and also addresses the aspects of confidentiality, integrated framework for risk analysis using vulnerability, threat of assets. Finally, the research results are illustrated by a case study. The results can be sued by business organizations as references or basis for information security planning and for management process improvements.