Are they secured?

♦Have you identified your critical information assets?  These assets can be archives, folders, directories, databases, networked devices, servers and applications that hold or play a role in the transport of critical business information

♦Have you classified them based on the impact to your organization if these assets were to be destroyed, stolen or be rendered inaccessible?

♦Have you put in the appropriate infrastructure and operational processes to control access to these information assets to protect their confidentiality, integrity and availability?