In the era of globalization, information technology has become popular in our daily lives. No matter what businesses are, they rely more and more on computer. Therefore, the issue on information security is gradually concerned. Not only the enterprises increase the related investments on information security management, but also our government aggressively promotes the policy of information security to keep different kinds of information from damages caused by security problems. Information assets have gradually become the main assets of business organization and the primary goal of information security management. In order to protect and realize the risks of information security, information assets themselves must be managed; however, effective management needs good process of management. Therefore, how to make the process stable and effective becomes the main goal of information management. Moreover, Capability Maturity Model Integration (CMMI) is one of the widely used models of continuous process improvement. In this research, the Risk Management process area of CMMI is applied to construct continuously improved risk management process, and enhance the efficiency and quality of risk management in information assets.