Abstract: This paper studies on the sort method and developing trend of the information security risk assessment tool, then designs and implements a risk assessment tool based on referring to the domestic and foreign assessment methods and tools. This tool is an expert assessment system. It makes dynamic questionnaire based on the policy and baseline, and it also introduces into the quantitative and qualitative method, which improves the efficiency of risk assessment and ensures the results are more scientific.