With the rapid development of information technology and the Internet, enterprises are moving supply chain management onto modern technology. At the same time, information crime has become unremitting, so the protection of the invaluable information assets in the supply chain faces more rigorous challenges. How can an expensive security mechanism be assessed to determine whether it performs its function and serves the core objectives of the enterprise? The mechanism proposed in this paper is based on the ontology of the Unified Problem-solving Method Development Language. In this paper, the implementation knowledge of SCM information security risk management is divided into three categories: domain, task, and problem-solving ontologies. The concepts of the knowledge ontology are implemented with the computer tool Protégé, programmed into detailed knowledge inference rules using CLIPS, and then used as an inference engine in the JESS expert system to strengthen SCM information security risk management and enhance the security of the enterprise.