This paper develops a security risk assessment model in network information systems for multiuncertain environment based on evidence theory. In the model, security risk index system is established and index weights are quantified. The paper redefines the basic probability assignment anew so that it is suitable for the uncertain description of evidences in the process of security risk assessment. To decrease the uncertainties of expert experience in the process of assessment, the test of evidence consistency is implemented and the method of adjustment is confirmed. Finally, the correctness and effectiveness of the model are validated via empirical analysis.