In this era of explosive growth in information technology, risk assessment of the Information Security Management System (ISMS) has become a major concern for business management and the military department. Information security vulnerabilities can easily inflict a severe crisis on an enterprise or government; however, risk and its impact also bring revolutionary change for the sake of minimizing that risk. To maintain sustainable development and secure operation in an organization, continuous risk assessment, preventive management, and an immediate contingency plan have to be undertaken as preventive action. This paper uses the Failure Mode and Effect Analysis (FMEA) methodology to establish and provide a new risk assessment, together with a heuristic model, for studying "The effective risk assessment on ISMS of MND".