Abstract: For the security risk assessment, the result always relies on the value assigned by some ctueries directly. In order to assess the information system of an enterprise objectively, we proposed an security risk assessment method based on information entropy. By constructing the matrix of Threat-Vulnerability and the matrix of Threat-Loss, we can enhance the result accuracy through dealing with the data of the matrixes by the method of the information entropy.In the end of the paper, we gave an example to explain the efficiency of the proposed method by analyzing an special enterprise information system

Key words: Information entropy, Security risk assessment, Quantitive method, Enterprise information system