In 2015, the U.S. Department of Defense announced the RMF(Risk Management Framework), a new paradigm that combines existing cybersecurity concepts with system engineering-based risk management. The ROK(Republic of Korea) military has already applied the U.S. RMF when introducing the new F-35A fighter, and the need to introduce RMF, a more strengthened cybersecurity system, is emerging. For the ROK troops, RMF is no longer an inevitable trend, but the working conditions of the U.S. and South Korean troops are different, so it is essential to improve the RMF framework to suit the conditions of the South Korean military. In particular, due to the nature of the Korean military, which is not familiar with cybersecurity risk assessment at all, many difficulties are expected in the process of identifying cybersecurity risks, the starting point of RMF work. In this study, we propose a novel identification methodology to address the challenge between the practical applications of existing risk matrix-based risk identification methods.