To address the subjectivity, complexity, and uncertainty of information system security assessment, this paper proposes an assessment method based on a differential evolution algorithm. First, the goal function is established according to the information system security evaluation model, and the evaluation information for the security level and security attributes of the system is obtained. Second, a confidence-based strategy is proposed to reduce the randomness of the evaluation results. Third, using the optimization characteristics of differential evolution, a parameter optimization model that accounts for the influence of evaluation efficiency and evaluation accuracy is constructed, which makes the description of information system security evaluation more accurate. Finally, an information security evaluation system based on the differential evolution algorithm is built. Simulation and experiment prove the effectiveness of the proposed information system security assessment method.