Information security risk assessment is one important part of the security engineering in information system. It has been the focus of the research in the world wide information security fields. This paper designs and realizes a new model of information security risk assessment based on AHP method. In this case, In order to estimate the network security risk by AHP method, firstly should identify the most related factors and establish the threaten identification Hierarchical Model and Vulnerability Identification Hierarchical Model for information security risks. Then, compare every two elements to determine the relative importance of each element. Finally, judge the comprehensive weight for each element. The study of the case shows that the method can be easily used to the risk assessment of the network security. The results are in accord with the reality.