Many researchers have proved that risk measurement of information systems is a very effective tool for improving confidence of information systems. However, information system risk in Korea still includes many subjective judgements. This study deals with applying a quantitative model to improve risk measurement of information system quality. First of all, we have come up with solutions to improve the evaluation efficiency on risk measurement. We have merged the risk guidelines of COBIT and CMM, and developed a quantified evaluation scheme that call by risk point. We have proved the validity of this model by interviews with experts and by case studies.