The traditional techniques of quantitative risk analysis determine the solution by the probability distribution function of threats and its impact loss. Since risk assessment process often holds under uncertain situation with incomplete information due to rapid change of advent attack events especially in the Internet. It is hard to accumulate adequate events to precisely estimate the probability of threats and impact losses in some real cases. In this paper, a qualitative risk analysis method is employed to prioritize the risk level of assets through the use of fuzzy preference relation, fuzzy majority concept, and the ordered weighted averaging (OWA) operator. The peoposed mothod allows the experts to express their risk preferences in linguistic quantifiers and explicitly represents the importance (weighting) of risk factor and the corresponding impact loss degree instead of probability of advent events and money loss. Finally, a real case of risk assessment for the Internet Data Center (IDC) is given to illustrate our approach. The proposed method extends the traditional risk analysis using fuzzy multiple-person decision making (MPDM) theory, developed by Hererra, Chiclana, and Kacprzyk, to risk analysis in fuzzy environment. From numerical illustrations, the proposed model can effectively decrease the complexity of the risk analysis and reduce the time required to reach a group consensus when the committee includes the opinions of many decision makers.