This chapter aims to study the success factors of the ISO 27001 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27001 in the implementation of information security policies in organizations. The purpose of this paper is to investigate what controls are commonly used and how they are selected to the implementation of information security in large public organizations in Middle East and North Africa MENA through ISO 27001, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27001. The finding will help organizations to assess organizations to implement an effective information security policy.