Abstract: As the informatization constantly improved, information security risk was increasingly becoming an important factor affecting the key business of railway. On the basis of the current situation of railway information security management, the paper analyzed the challenges of information security management, discussed prevention measures and management methods of railway information security risk by means of constructing regulatory agency and institution, combined with integrated management platform of information security.