Information security risk assessment was an important component of information systems security engineering and the selection of assessment method had a direct impact on the final results of the assessment. But there were too many elements in the process of information security risk assessment. How to find the optimal elements from many elements to simplify the calculation of risk value and provide a strong basis for taking relevant measures, which was a problem needed to be solved. In addition, the reliability of the risk assessment results could not be guaranteed only through a single qualitative or quantitative assessment method. By Analytic Hierarchy Process (AHP), the relative weight of elements related to information security risk could be calculated. Then the optimal indicators, which provided a strong basis for taking relevant measures, could be selected by sorting the weights of elements to reduce the number of indicators. Moreover, Analytic Hierarchy Process, a method of the combination of qualitative and quantitative assessment methods, could overcome the shortcomings of single qualitative or quantitative assessment method.