This study describes the definition, the highlights and the development status in domestic and overseas of cloud computing. It simply analyzes the network security risk caused by cloud computing, division of the three modes in cloud computing platform architecture and the relationship among them. Starting from the definition and the framework, the paper analyzes the nine elements (asset, threat, vulnerability, security precaution, risk, residual risk, standardization, laws and regulations) of the security risk assessment of cloud computing and the relationship of them. Based on the relationship of the nine elements and the method of traditional information security risk assessment, it worked out a formal model for the risk assessment of cloud computing. This model has some similarities with the method of traditional information security risk assessment and also it has the particularity owned by cloud computing. It can predict the information security of users in cloud computing service well, so as to protect the users’ assets.