1) What do you need to protect?
2) Who or what are you protecting your data from?
3) What steps should you be taking to protect your data?
4) How effective are the security measures that you have implemented?