The local market has for many years focused on perimeter protection, due mainly to the general regard that external threats were by far the most prevalent and dangerous. Decision-makers quickly implemented firewalls, anti-virus, antispyware, intrusion detection and also conducted vulnerability assessments.

In acquiring protection against threats, be they internal or external, a company has to base the decision on specific business requirements. In addition, and perhaps more importantly, it should take into consideration both the perceived and real impact to assets at risk.

As such an organization is compelled to conduct a thorough review of its existing assets and classification thereof. This process will help to determine how critical the various assets are, and how they should be prioritized in terms of security, integrity and availability.