The invention discloses a complex network oriented security risk analysis method, including the following steps: combining the design characteristics of a data network service, abstracting a data network by using a related modeling method of a complex network, and then studying the topological characteristics of the data network in combination with statistics and the own characteristics of different information systems, analyzing the causes of different characteristics on this basis, and further finding out possible security risks; and meanwhile, studying cascading breakdown phenomena of different network elements to reduce the network security risks; through consistent inspection and test evaluation methods, aiming at a data network physical layer, a link layer, a network layer, a management layer and other hierarchical structures, performing quantitative evaluation on the data network configuration inspection and security, identifying the levels of the security risks, developing a suitable network security policy, and taking appropriate control objectives and control modes to control the network security risks to ensure that the risks are avoided, transferred or dropped to an acceptable level.