I have a question and favor to ask. I am creating a tabletop exercise for College Students and Professionals in the field. It was inspired by Business Security Weekly (specifically BSW #289 https://www.youtube.com/watch?v=tra4pNxOv9o )

In short the exercise is about ranking which security measures and activities would be your first to implement and do aka what is the most important. The goal of the exercise is not just to have people rank them, but be able to explain, reason and discuss the reasons why.

The question is, how would you rank the following security activities and technologies in order of importance. Also are there any you would add to the list? I want to have a baseline of rankings for students to use.

• Firewall (Host/Network)
• Multi Factor Auth/OTP
• Cyber Insurance
• Security Training
• Policy
• Logging (Network/Host)
• STIGING/Hardening
• Inventory Management
• Backups
• Perimeter/Building Security
  

Thank you!