As information technology is widely used in electric power field, security risks penetrate into all aspects of electricity production and operation, meanwhile, complexity of electric power information system make it's very difficult to guard against security risk. Information security risk assessment is the foundation and the precondition of information system security. In this paper, combining long-term power information security supervision practice, we give a multi - hierarchy and multi - attribute index system of information security risk evaluation, and point out these indexes are characterized with grey, fuzzy and difficult to quantify. Then, the analytic hierarchy process (AHP) and the theory of grey system are introduced in setting up a comprehensive evaluation model, we obtain the final score using the information fusion of different experts. Additionally, an application example is used to illustrate the availability of the proposed evaluation method. The result shows that grey evaluation which combines advantages of the qualitative and quantitative methods can be applied to risk evaluate of information system more accurately and scientifically. Meanwhile the evaluation results can help supervisors judge which is the necessity to improve.