Information Technology (IT) Risk Management is designed to confirm the sufficiency of information security. There are many risk management/assessment standards, e.g. IS0 27005:2011 and NIST SP 800-30rev1, which are mainly designed for general organizations such as governments or businesses. Cyber risk assessment focused on military strategy has been rarely studied. Hence, this paper presents an innovative cyber risk assessment conceptual framework named “Cyber Risk Assessment (CRA)” which is extended from previous work with Military Risk Evaluation (MRE). This proposed CRA is the collection and integration of both quantitative and qualitative data. The Vulnerability Detection (VD) tools in Network Risk Evaluation (the previous studies) were used for the quantitative data collection and the focus group in the MRE (the proposed method) was used to collect qualitative data, which enhance the general risk assessment standard to achieve the objective of the research. The complexity of cyberspace domains with a military perspective is thoughtfully contemplated into the cyber risk assessment for national cyber security. Results of the proposed framework enable the possibility of cyber risk evaluation into score for national cyber security planning.