Critical Information Infrastructure (CII) can ensure social stability and security, and risk management plays a crucial role in it. It ensures the continuous and smooth operation of CII through the identification, evaluation, and control of risks. However, CII risk management based on level protection faces many challenges in practice. Therefore, this paper proposes strategies such as strengthening the connection between level protection standards and practical operations, improving risk assessment models and methods, enhancing the ability to monitor and respond to emerging threats, strengthening personnel training and security awareness education, in order to enhance the level of CII risk management and ensure the security of national critical information infrastructure.