The authors studied the issue of network security risk assessment and proposed a method for the network security risk assessment based on enterprise environment. First of all, the authors proposed a vulnerability severity risk assessment method based on economic losses of an enterprise to evaluate the vulnerability severity for the enterprise. Next, the authors proposed a dynamic security risk assessment method by using the Bayesian attack graph model and combining the changes of network environment. Last, the case study interpreted the detailed calculation processes of the dynamic security risk assessment method, and the simulation experiment showed that the proposed method conforms to the real threat level of the network or information system evaluated, therefore, the evaluation results are more accurate and objective.