Research on risk propagation is an important direction of information system security risk evaluation.We redefined the original load of information system network and the concept of node breakdown/ failure based on risk propagation and risk propagation model as well as considering the mutual effect between the adjacent nodes.The local preferential redistribution rule of the load was proposed and the information system network node breakdown and the number of effective nodes were used to reflect the resisting ability of information system to risk propagation.Two attacking strategies deliberate attacking with known network information and random attacking without network information were designed.Information system security risk propagation under conditions of different node breakdown was analyzed through simulation.The results show that node breakdown caused by a deliberate attack is more likely to cause the rapid global propagation of information system security risk.