The importance of IS (Information System) security is rapidly growing. Nevertheless, the IS security evaluation scheme for Korea is rare. Therefore, this thesis develops an implementation framework for evaluating information security. This framework consists of three components: evaluation criteria, evaluation process, and organization. For each component, systematic implementation procedures are proposed. To demonstrate the usefulness of the framework, it is compared with three other evaluation methods.