Ministry of finance in particular the directorate general of state asset (DJKN) is one organization that is tasked to undertake the management of state asset and improved services to stakeholders using information technology as a supporting element. To realize the value database of state asset into a credible executive information intact, timely, accurate and can be used for decision making process for the leadership of the ministry of finance then needed an information security risk management plan to the main information systems that support business processes DJKN. This research aimed to develop an information security management plan for DJKN particularly to applications that support key business processes that called state assets module applications using the framework of ISO 27005 and ISO 27002 for risk reduction management. The result obtained from this research is the information security risk management plan that contains the document mitigation risk, control recommendation to reduce risk and acceptance of risk which contains risk management decisions also the person in charge of mitigation risk.