Abstract: Based on the experience and lessons of network security risk assessment of information system at home and abroad, combined with the requirements of network security and informatization governance system of railway industry, this paper established the network security risk assessment system of railway information system from three aspects of safety management guarantee, safety technology guarantee and safety operation and maintenance guarantee, and carried out the research on inspection and assessment method combining qualitative and quantitative methods.The research can provide theoretical basis and technical reference for railway network security management personnel and maintenance personnel to carry out network security risk assessment and security self-examination, which is of great significance to railway information system network security management work.