
Response strategy for Adaptive Network Intrusion Response Framework Based on Environment Dependent Risk Analysis

Advisor: 田筱榮

Abstract


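As networks have become ubiquitous, attacks carried out over the network have kept increasing. In the past, attacks mostly targeted specific service servers; now any personal or organizational computer is a possible target, and attack behavior has become more immediate and more complex. Traditional intrusion detection built around signature matching is no longer adequate because it does not take the real-time state of the system into account, and fixed response mechanisms cannot handle ever-changing attack techniques. They often either over-react, so that service is interrupted by the response mechanism itself, or react too slowly to defend against the attack in time. Beyond the state of the system itself, environment-related information that reflects the system's requirements is also very important, for example the importance of the service itself, the importance of a database to the organization, or the importance of a file. How to integrate detection methods, system state, and environment information to produce an appropriate response that fits the system's requirements is therefore an important problem. In this thesis, we propose an adaptive network intrusion response framework that adjusts the response using a risk assessment value, obtained by incorporating environment information and analyzing the risk of alerts, supplemented by attack progression information, to ensure the effectiveness and accuracy of the response strategy. Response strategies of different scope are formulated automatically from alert information, environment information, and system state information. The change in the risk assessment value after a response is applied, together with system state information, is then checked to keep adjusting the response dynamically. This achieves a moderate level of defense and avoids both over-defense, which blocks normal use, and insufficient defense, which fails to stop the attack in time and causes greater loss.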

Parallel Abstract


With the prevalence of computer networks, computer attacks are increasing in number as well as in sophistication. The traditional protection mechanism, consisting of signature-matching based or anomaly based intrusion detection and preprogrammed intrusion response, is incapable of coping with the ever-changing challenges to the security of the computer environment. False detection as well as inappropriate response could result in disastrous over-reaction or insufficient reaction such that the security of the environment is in jeopardy. Therefore, the selection of a proper action on a detected incident should be based on both the immediate state of the environment and the specific characteristics of the environment. In turn, the action should be justified, and adjustment should be made accordingly. We propose a method to facilitate automatic generation of candidate response plans and automatic selection of the response action based on the risk status index. In this thesis, we propose to incorporate environment characteristics information, the risk index and attack progression information into the decision of intrusion response. We devised a procedure to generate candidate response actions, determine an initial response action, and adjust the selection of response action according to the resulting change in the risk index. With the proposed scheme, insufficient reaction or over-reaction to intrusion can be avoided, and intrusion response at the appropriate level can be achieved.
