Many organizations have limited resources (time, personnel, and money) for IT, and oftentimes only a small portion of that is devoted to security. Given the limited resources available to create and execute a best practice security plan, you will need to face up to these constraints and prioritize security tasks.
But how, exactly, should you go about strategically prioritizing your security needs? How can you determine which aspects need to be addressed first and which can be dealt with later? After all, aren’t they all important?