Many organizations struggle to prioritize security elements to protect critical assets—why? Because they have failed to identify and prioritize those assets. Instead they talk about general categories of information: new product development and business strategies. Organizations need to better identify, risk rank and prioritize protection of the assets that drive their profitability.