You may be sitting there procrastinating about starting up a security program at your organization or even keeping the program static for the last few years. Understandably, the increase in external threats may require you to re-invigorate your efforts. So, what do you focus on first?