ABSTRACT Information is a key asset for organizations, and reducing the risk of information compromise is a high priority. There are already many models of risk assessment and more are emerging every day. They all have the same fundamental target, but most attempts to hit the target from very different approaches. Some approaches can be applied to all types of risk; while others are specific to particular risks. There are two common approaches used in risk assessment: a quantitative approach and a qualitative approach. They all have the same fundamental target to estimate the overall value of risk, but most attempts to hit the target from very different approaches. Some approaches can be applied to all types of risk, while others are specific to particular risks. The main purpose of the study is addresses some of the methodologies used currently to analyze information security risks. The main task for an organization is to determine which one to use according to the selecting criteria . Since the organization will spend money on whichever method they choose, it is vital that the chosen methodology meet the requirements. The purpose of the study is to compare and clarify the different model of information security risk assessment and the analysis that effectively addresses the risks of  nformation security.