In an age of information explosion, computers and network equipment have become an important asset of any organization; as computer attack incidents grow day by day, how to develop suitable evaluation methods that make these behaviours stand out, so as to help managers set information security strategy, has become an important issue. In the past, risk evaluation was based only on the characteristics of the computer itself and could not dynamically reflect the risk value a machine should carry in a continuously changing network environment. In this thesis we argue that the factors considered by a risk evaluation system can be divided into intrinsic factors and extrinsic factors: the intrinsic factors are the importance index and the security index of the evaluated machine within the organization; the extrinsic factors are information about network attack behaviour, including the attack's target, attack category, attack level and the time at which the attack occurred. After defining what information the intrinsic and extrinsic factors contain, we analyse the properties of the two kinds of factors and, according to those properties, design our own mathematical model for risk evaluation. The attack behaviour patterns that our risk evaluation system can highlight are: 1. when the attack category is related to the services the host provides, our system highlights it within a unit of time; 2. alerts of higher priority are highlighted by our system; 3. the more intense the attacks, the more clearly the host is shown to be in a dangerous state, which our system highlights within a unit of time. The experimental results show that dynamic risk evaluation can appropriately reflect the danger state of a machine.
In the era of computing, computers and computer networks have become one of the most critical assets of most organizations. As the number of computer attacks increases every day, it is important to develop a method to evaluate whether a certain service-hosting computer is in a critical state, so that information security staff can be alerted to follow up on the condition. In the past, risk evaluation was based only on the characteristics of a computer, which cannot reflect the dynamics of a continually changing network environment. In this study, we propose to evaluate the risk of a computer according to both the intrinsic, static characteristics of the host itself and the extrinsic, dynamic characteristics of the attacks aimed at the host. The former include the vulnerability and the importance of the host; the latter consist of the relevance, the seriousness and the persistence (continuity) of the attacks. We devised a set of procedures to quantify these originally qualitative characteristics, some of which are based on industrial practice. We further designed a formula to integrate all quantified characteristics into a single risk index. As shown in the experimental results, the dynamically changing index is able to reveal the risk state of a host.
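The abstract names the inputs of the risk model (importance and security indices of the host; target, category, priority and time of each alert) and the three patterns the index should surface, but not the formula itself. The following is an added illustration, not the thesis's model: it assumes a hypothetical index of the shape intrinsic × (1 + sum of recent alert scores), where an alert's score is its priority weight discounted when the attack category does not match a service the host runs, and only alerts inside a sliding time window count. The priority weights, the 0.3 discount, the 10-minute window, the host and alert records, and the timestamps are all constructed sample values chosen here to show the three patterns, not figures from the thesis.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Host:
    name: str
    importance: float          # intrinsic: importance index within the organization, 0..1
    vulnerability: float       # intrinsic: security index as weakness, 0..1 (higher = weaker)
    services: FrozenSet[str]   # service categories the host exposes, e.g. {"http", "ssh"}


@dataclass(frozen=True)
class Alert:
    target: str                # extrinsic: attacked host
    category: str              # extrinsic: attack category, compared against host services
    priority: int              # extrinsic: alert priority 1 (low) .. 3 (high)
    time: datetime             # extrinsic: when the attack was observed


# Hypothetical weights (assumptions for this example, not the thesis's values).
PRIORITY_WEIGHT: Dict[int, float] = {1: 0.2, 2: 0.5, 3: 1.0}
UNRELATED_FACTOR = 0.3         # discount for attacks on services the host does not run
WINDOW = timedelta(minutes=10) # "unit of time" over which alerts are accumulated


def alert_score(host: Host, alert: Alert) -> float:
    """Patterns 1 and 2: a relevant, high-priority alert scores highest."""
    relevance = 1.0 if alert.category in host.services else UNRELATED_FACTOR
    return PRIORITY_WEIGHT[alert.priority] * relevance


def risk_index(host: Host, alerts: List[Alert], now: datetime,
               window: timedelta = WINDOW) -> float:
    """Dynamic risk index: intrinsic base scaled by recent attack pressure.

    Pattern 3: only alerts inside the sliding window count, so a burst of
    attacks raises the index and it falls back once the burst ages out.
    A host with no recent alerts keeps its intrinsic value only.
    """
    intrinsic = host.importance * host.vulnerability
    recent = [a for a in alerts
              if a.target == host.name and now - window <= a.time <= now]
    extrinsic = sum(alert_score(host, a) for a in recent)
    return intrinsic * (1.0 + extrinsic)


# Constructed sample data (not from the thesis).
WEB01 = Host("web01", importance=0.9, vulnerability=0.5, services=frozenset({"http", "ssh"}))
DB01 = Host("db01", importance=1.0, vulnerability=0.2, services=frozenset({"sql"}))
T0 = datetime(2024, 1, 1, 12, 0, 0)
BEFORE = T0 - timedelta(minutes=5)     # before the burst against web01
AFTER = T0 + timedelta(minutes=15)     # after the burst has aged out of the window
SAMPLE_ALERTS = [
    Alert("web01", "http", 1, T0 - timedelta(minutes=30)),  # too old to count at T0
    Alert("web01", "http", 2, T0 - timedelta(minutes=2)),   # relevant, medium priority
    Alert("web01", "smb",  3, T0 - timedelta(minutes=1)),   # high priority, unrelated service
    Alert("web01", "http", 3, T0 - timedelta(seconds=30)),  # relevant and high priority
    Alert("db01",  "http", 3, T0 - timedelta(seconds=10)),  # other target, unrelated service
]


def risk_timeline(host: Host, alerts: List[Alert], times: List[datetime]) -> List[float]:
    """Risk index of one host at each checkpoint, rounded for display."""
    return [round(risk_index(host, alerts, t), 4) for t in times]


if __name__ == "__main__":
    checkpoints = [BEFORE, T0 - timedelta(minutes=1, seconds=30), T0, AFTER]
    for host in (WEB01, DB01):
        print(host.name, risk_timeline(host, SAMPLE_ALERTS, checkpoints))
```

Running the block shows web01 at its intrinsic 0.45 before the burst, climbing to 1.26 at T0 as the relevant high-priority alert and the intensity of the burst both push the index up (the unrelated smb alert adds only a small amount), and returning to 0.45 once the window has moved past the alerts; db01 stays low because its one alert targets a service it does not run.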