The security assessment is a key function that should be performed in advance of any security deployment. Since experiences of cyber attack in power control systems are still limited, a complete methodology of security assessment for communication networks of power control systems is needed. According to past research, the difficulties of security assessment include the security analysis of power control process, and the security degree of each control step. Therefore, the attack graph and multiple criteria decision-making (MCDM) are introduced to deal with these difficulties. The overall security assessment is decomposed into two parts. One is the security analysis model for power control systems using attack graph, includes the basic concepts definition, construction algorithm, vulnerability function of each control step, and connection model-based system vulnerability calculation. Another one is focused on the quantification of the security degree in each control step-a hybrid MCDM approach integrated with an analytic hierarchy process (AHP) and a technique for order preference by similarity to ideal solution (TOPSIS) are proposed to value the vulnerability factors derived by the security analysis model. Finally, an instance communication network of power control system is modeling to test the validity of security assessment. The result supports the usefulness of the security assessment.