Abstract (Chinese) In network security detection and defence, we generally focus on the threat posed by attacks originating in the external network and pay less attention to attacks that arise from within the internal network. This is because most attacks begin with an intrusion from the external network into an internal host; the compromised internal host then turns to attack other internal hosts, so attacks between internal hosts receive less attention. Consequently, if an external attack is not stopped in time and turns into an internal attack, we suffer great losses: we cannot effectively judge how the attack affects each internal host, what damage it may cause, or which host is affected most, so the damage cannot be predicted effectively and no effective defensive action can be taken. Most current attacks require multiple steps to complete. We therefore propose a quantitative computation model. From the vulnerabilities detected on each internal host, the attack types, the vulnerabilities exploited in the attacks, together with the number of attack occurrences, the mutual influence values between hosts and the possible ways the vulnerabilities can be exploited, we form an attack graph. Using the possible attack sequences derived from this graph, we quantify the attack risk according to each host's environment parameters and compute the risk value of an attack, the risk value of a host per unit time, the trend of attacks against a host, the impact evaluation value of each attack on other hosts, the impact evaluation value per unit time and the trend of impact, in order to predict the vulnerability likely to be exploited next in a multi-step attack and the next host likely to be attacked. With this risk model we estimate the losses that may occur in the internal network and the trend of attacks, providing a reference for implementing defence strategies and for verifying whether a strategy is correct.
Abstract In efforts to defend against attacks in a networked computer environment, more attention is spent on the threat caused by attacks coming from the outside network than on the threat caused by attacks originating within the inside network because, in most cases, the main sources of attack are in the outside network. By detecting and blocking outside attacks, most of the security threats to a computer environment are eliminated. However, an outside attack may escape detection by the defence mechanism, successfully compromise an inside host, launch inside attacks, and cause tremendous damage. Therefore, we need a scheme to measure the risk of inside hosts and, after a defence action is applied, to determine the effectiveness of that action. Based on the fact that attacks are usually completed in a sequence or a set of steps, we propose a risk computation model. The information considered in the model includes the vulnerabilities of hosts, the attack type and the vulnerability exploited by each attack, the number of attacks, the configuration of the network environment, and the possible progression of attacks. We quantify the risk of a host according to its own characteristics as well as the properties of the security alerts. The resulting risk index can be used to evaluate the impact of attacks already experienced, predict the future progression of attacks, and provide a way to validate the effectiveness of an applied defence strategy.
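The following is an added illustration of the kind of computation the abstract describes, not the thesis's own model: per-host risk per time window from alerts weighted by the exploitability of the vulnerability used and the host's influence, the risk trend between windows, impact propagated along attack-graph edges, and the next host predicted from that impact. All hosts, vulnerability ids, weights, alerts and the weighting formulas are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample environment (assumed values, not from the thesis).
HOST_INFLUENCE = {"web": 0.6, "db": 0.9, "ws1": 0.3}          # host influence value, 0..1
HOST_VULNS = {                                                 # host -> {vuln id: exploitability}
    "web": {"V-web-rce": 0.8},
    "db": {"V-db-auth": 0.7},
    "ws1": {"V-ws-smb": 0.5},
}
EDGES = {"web": {"db": 0.8, "ws1": 0.4}, "ws1": {"db": 0.5}, "db": {}}  # attack-graph edge weights
ATTACK_SEVERITY = {"scan": 0.2, "exploit": 1.0}               # assumed severity per attack type
# Constructed alerts: (time window, target host, attack type, vulnerability exploited or None)
ALERTS = [
    (1, "web", "exploit", "V-web-rce"),
    (1, "web", "scan", None),
    (2, "web", "exploit", "V-web-rce"),
    (2, "ws1", "scan", None),
    (2, "ws1", "exploit", "V-ws-smb"),
]

def host_risk_per_window(alerts):
    """Risk of each host per window: severity x exploitability of the vulnerability
    actually used (1.0 when no vulnerability is needed) x host influence, summed."""
    risk = defaultdict(lambda: defaultdict(float))
    for window, host, atype, vuln in alerts:
        exploitability = HOST_VULNS[host].get(vuln, 0.0) if vuln else 1.0
        risk[window][host] += ATTACK_SEVERITY[atype] * exploitability * HOST_INFLUENCE[host]
    return risk

def risk_trend(risk, host, w_prev, w_cur):
    """Positive means the host is being attacked more than in the previous window."""
    return risk[w_cur].get(host, 0.0) - risk[w_prev].get(host, 0.0)

def impact_on_neighbours(risk, window):
    """Impact evaluation: risk at an attacked host propagated along its edges,
    weighted by edge influence and the most exploitable vulnerability of the neighbour."""
    impact = defaultdict(float)
    for src, r in risk[window].items():
        for dst, w in EDGES[src].items():
            impact[dst] += r * w * max(HOST_VULNS[dst].values())
    return impact

def predict_next_host(risk, window):
    """Host with the highest accumulated impact is the predicted next target."""
    impact = impact_on_neighbours(risk, window)
    return max(impact, key=impact.get) if impact else None

if __name__ == "__main__":
    r = host_risk_per_window(ALERTS)
    print(dict(r[2]), risk_trend(r, "web", 1, 2), predict_next_host(r, 2))
```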