In recent years, innovations in information technology have evolved new business models to provide new technological experiences for the customers they serve, such as the technological development of financial technology. Whether it is Fintech or traditional financial institutions, controllers or processors of personal identification information The existing operating procedures and data protection risks of operators will be severely affected. Various industries are facing business challenges brought by ICT, digital transformation and even the metaverse. When it comes to information governance issues, security issues and organizational operational risks should be equally valued. In the past, the static risk assessment that was often used by the ISMS management system was bound to be unable to meet the requirements of corporate governance for operational goals! How to face the three lines of defense of the company's internal control and better control operational risks, it is imperative to develop dynamic decision-making models and governance strategies.