I am often asked a number of different questions by organizations that are just beginning their security maturity journey. Some of the most common questions include: Where do I begin? How do I know what to prioritize? How can I build a strong foundation of security fundamentals? In what order should I add or improve capabilities?
These are all very good questions, and I tried to answer them, along with other questions, in my most recent SecurityWeek piece. The piece is entitled "The Security Operations Hierarchy of Needs": http://www.securityweek.com/security-operations-hierarchy-needs. While the length of the piece does not permit an in-depth discussion of all the points, I believe the piece does provide some helpful guidance for those searching for it. Hope you enjoy.