Information society is rapidity developing in the various fields of banking, trade, medical service, energy, and education using information system. Evaluation for security risk analysis should be done before security management for information system and security risk analysis is the best method to safely prevent it from occurrence, solving weaknesses of information security service. In this paper, modeling it did the CBR (case-based reasoning) evaluation function it will be able to establish the evaluation plan of optimum. CBR evaluation functions manage a security risk analysis evaluation at project unit. It evaluates the evaluation instance for beginning of history degree of existing. It seeks the evaluation instance which is similar and result security risk analysis evaluation of optimum about under using planning.