By using descriptive statistics, ANOVA and regression analysis approach, we examined the organizational impact when implementing ISMS. The top three types of difficulties for implementing ISMS are increased workload, Shortage of manpower and Lack of proper authority for information security team. The top four benefits for implementing ISMS are found to be: Gain reputation for enhancing information security, Raise value of governmental services, Establish standardized and documented information security processes, and Raise information security awareness and capabilities of organization staff. The top four critical success factors for implementing ISMS are shown as: Top management support and commitment, Project team members with information security capabilities, Proactive push by information security team, and On-going information security advocacy and training. Embarking on ISMS is one key step in enterprise management; therefore, enterprises should control the critical successful factors and minimize the possible difficulties in order to realize more benefits. To attain more complete information security, carrying out PDCA (Plan, Do, Check, Act) and improving ISMS will be the main factors.