Information technology has become an essential part of human life so as to facilitate a business activity. However, the use of information technology is not separated from the risks that can affect the process of the activity. As for the purpose of this study was to conduct an assessment of risk against potential vulnerabilities and threats that can attack the academic information system E-University all at once mempersiapan action anticipation towards things that can interfere with the the system. To do the assessment, this study uses the framework NIST SP 800-30r-1 consisting of nine stages to risk assessment i.e. in the characteristics of the system are used, identify the threats that attack system, identification of vulnerability, control systems, determine the likelihood of occurring (likelihood), determine the impact (impact), the determination of risks, control recommendations and documentation of results. The results of the risk assessment against the academic information system E-University is there are three risks disrupting existing activities in the system. Then from the results of the assessment of risks in the form of recommendations are used to minimize the risks that occur on the system