Risk management is useful in overcoming various problems such as not optimal business processes, the company’s reputation down, financial loss, or bankruptcy of a company. In the application of information systems, most organizations or companies have not noticed the importance of information systems security as well as the assets and impacts that arise. For that, the risk management assessment is used in reducing the errors that occur in the information system of the company's business processes. The risk management assessment is applied to the information system along with its assets in evaluating the possibilities of menaces and vulnerabilities. The Risk management assessment analysis is applied to the academic information system in universities. The result of the risk assessment is the results of recommendations on the stages that need to be done in protecting the assets of information systems and information systems themselves.