Based on the fuzzy multiple criteria group AHP, a new method has been proposed for the risk assessment of information system security and then its index system has been established. The least variance priority method of triangular fuzzy number complementary judgment matrix is necessary to obtain the weight of each index. The fuzzy weights of the second-class indexes can be derived from the synthesis of experts’ opinions by the fuzzy Delphi method. Combined with the security values of the second-class indexes expressed by the fuzzy language variables, the fuzzy indexes for evaluating information system security are gained by use of the hierarchical integration method. Finally, with the aid of the
average area measurement method, the security values of the system are determined so that the system can reach its security rating. Furthermore, a practical example given in this paper verifies that the new method is feasible and effective.