The application of technology to the XYZ Education Institution can help data and information processing which is directly related to students, staff or lecturers in educational institutions. The problem that has been experienced in the XYZ Education Institution is that there is an attempt to enter the system from irresponsible people. The incident resulted in disrupted operational activities for a moment. The purpose of this study was to find out what information technology assets that exist in the XYZ Educational Institution, analyze and evaluate to minimize the risks that occur in each information technology asset and can find out the results of the assessment of risk mitigation of information technology assets. The research method used in this study is OCTAVE to treat the risk of information technology assets and FMEA to assess each risk, then the ranking will be given based on its priorities. The results of this study are ranks that have 3 high level risk, 4 medium level risks, 22 low level risks. So from the results of the RPN, special handlers need to be given the RPN that has a high level.