Abstract:
This paper presents a new risk assessment model for measuring the security risk level of information systems. The model uses the topology of the correlations among system assets: it quantitatively computes the extent of these correlations and determines their influence on the evaluated system. By adding asset correlation as an important element of the risk assessment process, the model improves on the traditional security risk assessment model and achieves quantitative risk assessment. Finally, an example of the model is presented to show that it is better than the traditional ones.