In terms of Internet of Things (IOT) system with the possibility criterion of fuzziness and randomness security risk, we qualitatively analyze the security risk level of IOT security scene by describing generalization metrics the potential impact and likelihood of occurrence of every major threat scenarios. On this basis, we proposed self-assessment algorithm of IOT security risk, adopting three-dimensional normal cloud model integrated consideration of risk indicators, researching the multi-rule mapping relationship between the qualitative input of safety indicators and the quantitative reasoning of self-assessment. Finally, we build security risk assessment simulation platform, and verify the validity and accuracy of the algorithm in the premise of substantiating the risk level and the safety criterion domain.