The research of this dissertation focuses on the quantitative methodologies of the network security assessment. So the dissertation gives the term “Model-based network security risk assessment” a more meaningful definition. The methodology called a model-based will use one network security analysis model to design the scenarios of threatens according to the Patterns behaviors of vulnerabilities and threatens in the network. And then the risk assessment will be done under those scenarios. Following this new definition. The dissertation Proposes a Component-centric Access Graph Based Network Security Risk Assessment Model (Oc-AGNSRAM).