The intent of security is to manage risks and the extent of the loss after an incident. This simplistic definition does not do justice to the enormous scope of organizational security and the complexity of the processes required. The investment in security processes, automation and professionals has been significant for most organizations and continues to consume budgets on an ongoing basis, from physical security to the myriad of types of information security. Yet, organizational security is routinely rated poorly, especially with the rapidly growing threats to information security. At the same time, the consequences from these failures escalate as laws are put in place to protect individual privacy, create reporting requirements and demand accurate inventory information on which to build security processes. The responsibility for securing the organization and its data is a priority for most organizations and should be part of every employee’s responsibility.