Information Security Management System is a systematic approach to managing sensitive information so that it remains secure. This research is to evaluate and analyze current status of security practice at the public universities, to identify the risk on asset based on the assessment guideline from IS027001:2005 and lastly to determine policies in the Information Security Management System. The scope of this research is focus on the public universities in Klang Valley and based on the Plan Do Check Act Model in the IS027001 :2005. The methodologies that use are questionnaire, interview and plan section are distributed to the System Administration of the related public universities. After collecting the data, analysis of the data is done by calculating con~pliance issues by a calculation of the percentage and correlation coefficient. From the result all of the public universities in Klang Valley have aware about ISMS policy except one public university. From the current status security policy based on the IS027001:2005, mostly all the public universities have security policy based on the MYMIS guideline from MAMPU. As for the conclusion, the public universities involved agreed that the government should make it compulsory on the certification of IS027001. Chapters of the report presentation are based on individual of the objective in the research.