Based on the factors that are available at the initial phase of the audit task, this paper proposes a labor time estimation method for the information security audit in the form of formula, statistically analyzing the data of the past 20 cases. Initially, audit mode, operation mode, penetration degree, and company size are considered to be the factors that could influence the labor time, and thus the “quantitative analysis I” is conducted with these factors. However the results were not sufficiently positive. As a result, by dividing audit mode into regular and emergency audit and by using company size as the factor, labor time estimation formula has been established by means of the regression analysis. Compared to the traditional estimation by skilled system engineers with around 15% error, this proposed formula has 6 to 11% error, which means that this formula has enough practical accuracy. Key-Words: information security audit, audit plan, labor time estimation, quantitative analysis I, regression analysis, labor times