Given the rising threat of radiological and nuclear terrorism, it is imperative to assess if radiological facilities, such as universities and medical centers, have the means to fully understand and evaluate the security of their radioactive sources. In this context, risk assessment is a function of threat, vulnerability and consequences. This study aims to develop and demonstrate a methodology to compute a risk index for a higher education institution (university), based on the probability of occurrence of a Threat Event (TE) and its subsequent magnitude of incurred loss. This risk index provides a quantitative value for comparing risk and making decisions towards radiological security improvements. The index employs the triplet definition of risk, structured as a set of threats, vulnerabilities, and consequences. These were used to construct a single composite number by weighing the threat scenario probabilities, relative attractiveness and characteristics of the radioactive material, multiple parameters elevating vulnerability of source security, and the consequence net loss. The risk decomposition is based on the Factor Analysis of Information Risk (FAIR) ontology. Probability density functions and event trees were then used to simulate scenarios to estimate the probability of successfully completing a malicious act at the university, such as theft of the source. For this study, a higher education institution that uses a number of radioactive materials for research and teaching, was analyzed using the risk index model. Specifically, three facilities housing nuclear or radioactive sources at the university were compared: a research reactor, Co-60 irradiator, and radiopharmaceutical laboratory. The emphasis of the study is on the research reactor, but the other facilities were also analyzed for comparison. The research reactor facility houses a 10-kW swimming pool type reactor containing plate type uranium/aluminum fuel. The irradiator facility contains both Co-60 and Cs-137 sources with Ci amounts of activity. The radiopharmaceutical facility contains a number sealed and unsealed sources with mCi amounts of activity. Two proposed attack scenarios (theft and sabotage) were simulated for each facility. The radiopharmaceutical laboratory sources yielded the highest probability of successful sabotage and theft outcomes while the reactor facility yielded the highest consequences in the sabotage scenario. The contribution of the proposed research is significant as it allows for a new tool in the field of radiological source security-one that is expected to introduce, analyze and numerically test a methodology that yields a facility level risk index.