The comprehensive assessment of information security is the foundation for risk management of information system. The information risks of organization are analyzed and identified by the application of knowledge value chain. The information resources and the information circulation process are explored in the management system. This paper built a two layers index system for assessment and it is concerned with four elements which are information, information source, information receptor and information environment. And then the model of fuzzy comprehensive assessment of information security is structured by the application of fuzzy methods. This theory research will give more props for the risk management study.