Information security contains many concepts and knowledge entities. As the development of information technology, the complexity of increasing information security knowledge need an overview representation and organization for security analysis and risk evaluation. Ontology as a formal and shareable semantic model, which is often used to define domain knowledge schema, can also be applied for information security knowledge base construction. In this paper, we propose ontology knowledge base construction method for information security, discuss the ontology construction processes, and design the knowledge schema. The ontology contains main concepts in information security and related properties and relations about these concepts with semantics. It supplies related information, such as assets and weakness, to security management and analysis applications. We introduce each step of the proposed method, and valid it using a practical information security knowledge base development.