Risk assessment for information security is uncertainty. To control these uncertainties is of great significance for effective risk assessment [1].There are many assessment methods, and the conclusions from them are less clear. This paper presents a fuzzy logic based information security risk assessment method FLISRAM. In this method, the results are from a comprehensive assessment for assets, threats and vulnerabilities of the information system.