“What is our goal?” While the question is straightforward, getting to the answer is surprisingly difficult. Many companies assume the answer is obvious – we want to protect the organization’s information assets. The problem here is that we are assuming two things: 1) Information assets are known to any degree of precision 2) We understand what ‘protect’ means
