
Comparison of Information Security Risk Assessment Methods

Abstract

In recent years, as information technology and information-processing environments have changed continuously, organizations have not only applied information technology to improve the efficiency of business operations but have also increasingly focused on information security issues. To meet organizations' information security needs, researchers have proposed many risk assessment methods that examine information security risk not only from a technical perspective but through a comprehensive view of the security concerns an organization may face. The goal of these assessment methods is to analyze the information security risks an organization may encounter and, using the assessment results, to identify which assets and risks should be treated first, thereby reducing both the likelihood that potential threats materialize and the severity of their impact. This study introduces five risk assessment methods in detail: CORAS, OCTAVE, IS risk analysis based on a business model, ISRAM, and ISO 27005; some of these methods require the support of software packages or systems to improve the efficiency of the risk analysis process. Finally, the methods are compared, so that an organization planning to adopt risk assessment can select an appropriate method according to its actual operating conditions and avoid unnecessary costs.

Parallel Abstract (English)

In recent years, information technologies and information-processing environments have evolved rapidly. Therefore, organizations need to pay more attention to information security issues. To satisfy organizations' needs, many security risk evaluation methods have been proposed. The major objectives of those methods are analyzing the security risks of an organization and setting treatment priorities. Based on the risk assessment results, organizations can reduce potential threats and impacts. In this paper, we introduce the following five risk assessment methods in detail: CORAS, OCTAVE, IS risk analysis based on a business model, ISRAM, and ISO 27005. Some of those methods require system support to improve the efficiency of the risk analysis process. At the end of this paper, we compare those methods and draw some conclusions. Organizations can choose the most appropriate method according to our comparisons.

Cited By

陳俊谷 (2015). A study on threat and vulnerability items for risk assessment of personal data files [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2015.00634
黃亷鈞 (2013). Establishing risk assessment criteria for the military information security management system using Fuzzy AHP [Master's thesis, National Chung Cheng University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0033-2110201613570176