Having a well defined and robust protective security strategy is critical for any organisation that seeks to safeguard their assets, systems and people. Organisations that lack a formal enterprise protective security strategy more often than not make intuitive decisions rather than informed ones. Thus they spend more than they should on strategies that don’t work and routinely fail to identify potentially serious security threats, vulnerabilities and risks within their organisation.