The invention discloses a method for evaluating the validity of an information safety protection system, and the method is characterized in that the method comprises the following steps: building an isolation and defense technique model which comprises a basic object, an evaluation algorithm, a participant, and a knowledge base; searching information based on the technique model; carrying out algorithm analysis according to the collected data information; analyzing the capability of security policy for resisting various attacks when a business system is attacked because of self-defects; and evaluating the effectiveness of safety measures through a qualitative and quantitative combination method; analyzing whether the attack capability obtained by an attacker in an attacking process affects the safety operation of the business system or not through an algorithm logic flow; verifying whether system isolation and defense technique play an expected safety guarantee effect or not, and taking corresponding protection measures. The method is good in information safety protection, is complete in information safety protection measures, is low in algorithm complexity, is high in evaluation efficiency, is good in stability and objectivity, and is good in isolation with an information system.