DEA Model for Effectiveness Evaluation of Risk Assessment Methods
Abstract: Choosing the right risk assessment method is the precondition and foundation for obtaining scientific and valid results from an information security assessment, so how to make that choice becomes the key question. This paper combines the fuzzy comprehensive evaluation method with data envelopment analysis (DEA) and proposes a mathematical model for screening assessment methods, used to evaluate the effectiveness of risk assessment methods. The method takes full account of the objectivity of the evaluation criteria, calculates the inputs and outputs of risk assessment activities from an engineering (project) perspective, and examines the effect of the assessment quantitatively. It has good operability and gives risk assessors a practical mathematical tool for selecting more effective, scientific and reasonable assessment methods.