The goal of this research lies in application of construction of Bayesian Risk Factors Assessment Index on Information Security. Here, to integrate the viewpoints of the peaceful experts and the subjects that enterprises mainly pay attention to, and find out the key indicator that enterprises wish to promote their trouble-free service, then assist to help evaluate the security risk appraisal to enable the enterprises deeply realize the safe condition about their information, and complete themselves the information safe related decision-making. Adopt the expert interview and Delphi Method to divide the information security risk factors into 5 broad headings and 29 risk indicators. Based on Bayesian Theory, construct the appraisal targets and the patterns, and calculate the scores of the information security. There are first five important key indicators appeared, the higher level manager support and coordinate, the impediment and the detection between worm virus and the small dish program's attack, the known hacker's attack technique to carry on the protective measure, the information security equipment (information security software) to meet the demand, and fulfill the well-control management of the system using right and the gold key-password. Finally, the relevant analysis has confirmed validity of this appraisal pattern.