In order to protect your valuable data in your company, you must first identify what it is and classify it according to its values. This is a basic requirement. Before deciding how to protect it, we need to clarify what we will protect and at what level. After clarifying these 2 issues, we have actually taken important steps regarding our institution’s Information Security Policy and You determine the scope.