Strategic thinking is at the heart of information security and each organization needs to meet demands of adequate security. Any company, big or small, should be capable of doing an inventory of all information technology assets and analyzing risks. For small organizations this can be as simple as understanding each asset’s confidentiality, integrity, and availability needs; rating it’s importance to the business and acceptable recovery points and time windows; and allocating resources for methodical solutions to the most important parts.
