  • Conference paper
  • Open Access

Constructing an Information Security Risk Assessment Mechanism Based on Information and Communication Security Governance: A Case Study of a Military Unit

Construction of Information Security Risk Evaluation Mechanism on Information Security Governance-A Case Study on Military

Abstract

In recent years the armed forces have spared no effort in information security protection, but building a complete information and communication security protection system still requires forward-looking action. This study is based on information and communication security governance, the information security management system requirements of ISO/IEC 27001:2005 and the information security risk management of ISO/IEC 27002:2005, mapped onto the COBIT risk analysis process. Using a risk assessment of the case organization's information assets together with expert discussions, it applies a decision-tree security-indicator probability model combined with an asset risk interaction method to improve the accuracy of risk value estimation. The case study found that, apart from the hardware failure threat caused by an insufficient HA (High availability) architecture level for the mainframe equipment and the interruption of communication network services caused by a single point of failure at the main router, the remaining vulnerabilities and threats are all internal control problems. Finally, improved control measures are proposed on the basis of ISO/IEC 27002:2005 to reduce risk to a level acceptable to the organization. This study therefore establishes an information security assessment mechanism grounded in information security governance that can be applied by all types of military organizations.

Abstract (English)

Although in recent years the military authorities have tried their best to improve information security, there is still a need to build an integrated system covering the entirety of information security. Based on published documents and standards, including information security governance, ISO/IEC 27001, ISO/IEC 27002 and COBIT, the main purpose of this research is to conduct a complete risk assessment of the information assets in a military unit. We use the Delphi method and questionnaires to collect data and input it into an information asset risk interaction and security meter probability model in a decision tree. Except that the HA (High availability) of the mainframe computer will not make its failure a threat and that the malfunction of the core router at a single node will interrupt communication service, we found that the other weaknesses and threats can be handled by internal control. Finally, we suggest some control procedures to monitor the critical risks and keep them at a level acceptable to this military unit.
