Our typical Cyber Security Risk Assessment identifies hundreds of threat vectors in a typical business.  As you can imagine, plugging all the holes can be a daunting task if you think about it all at once.  It makes it a lot mroe manageable to rank the threat vectors and develop a phased plan in which you can begin making progress in a formatted way.  When we helped an independent financial advisor secure his physical premises and office network, Phase 1 was complete.