Managing risk in a university environment offers a diverse set of challenges. By definition, learning institutions are designed to share information in an open environment. This approach creates great obstacles for protecting valuable student and faculty information like bank account numbers, credit card numbers and social security numbers. From a program perspective, a data breach can have disastrous impact on the trust, reputation, and long-term growth of the university. Understanding how to balance the line between information sharing and information protection provides the foundation for an effective risk management program at learning institutions.