How can the organizations form optimum system security technology schemes to reduce the threat caused by vulnerabilities of their information systems is the key problem in information security management field. On the basis of describing the multi-goal decision-making model of the information system security technology scheme, this paper presented a self-adaptive genetic algorithm for security technology scheme of the information system enabling the organizations to choose the minimal-cost security technology scheme that can address the maximum vulnerabilities. And examples are given to demonstrate the validity of the algorithm.