We all experience some type of risk when we own or are responsible for something that is of value. Other people can also value that "something," and may accidentally or intentionally harm or steal it.
When it comes to our campus, the "something of value" that we care about is information, more specifically, restricted data such as personally identifiable information (e.g., social security or credit card numbers). Other campus information that may also be considered sensitive is student information, like enrollment and grades, or research data that may lead to a patent. This information has value to its owner(s), but it may also be valuable to others who may not have a legitimate need for or right to it.
How do people understand the value of the information for which they are responsible? How do they know how to protect the information? How do they identify and manage risk? It all starts with a risk assessment.