The invention discloses an information system service security evaluation method, which belongs to the field of information system service security evaluation, and comprises the following steps of: acquiring security data of an information system service in an execution process by adopting data acquisition equipment; acquiring the preference of the user to the information system service security data; extracting security data to establish a decision matrix, and calculating the weight of each security assessment attribute according to an information entropy method; and calculating a security value L of the corresponding information service according to the weight of the security evaluation attribute. The method can accurately reflect the actual security state of the information system service in the operation process.