This paper builds an enhancement module that feeds objective, quantified information into the risk assessment process, to make up for the shortage of information asset valuation and risk management analysis in the information security management system. In addition, our system evaluates critical control points and key performance factors to help managers accurately understand the benefit of the information security system, and it achieves a totally quantified risk assessment.