Based on SSE-CMM, it started with the key elements of information system security, a method of grading and measuring the risk key elements was established. The generant possibility of the information system risk was evaluated and analyzed with fuzzy analytic hi...