Abstract:
This paper proposes a cybersecurity risk assessment model based on the idea of classified cybersecurity protection assessment, to address the problem of analyzing and assessing the risk of a system's overall security status after a classified cybersecurity protection assessment. The correlations between classified cybersecurity protection and risk assessment are derived by analyzing their similarities and differences. Based on an in-depth study of the identification and assignment of the three elements (assets, vulnerabilities and threats), the paper proposes a three-element asset value assignment method, a CVSS calculation method for vulnerability assignment, and the A. J. Klee method for threat frequency and influence weight. A quadrant diagram of risk level is also constructed, in which the risk severity of a security event can be assessed according to where the incident is placed in the diagram. The research results help enterprises combine classified cybersecurity protection evaluation and risk assessment in actual work.