Perform a Risk Analyses
Your risk analysis can be very simple or can be very detailed. Everything depends on the size of your organization, the complexity of the projects and the sensitivity of the data that you handle. However, do not underestimate the work involved, because even if a project appears simple, the associated risks could be significant. There is no correlation between the size of a project and its associated risks. In order to check the accuracy and comprehensiveness of your risk analysis, it has to be verified by different people in your organization.
The result of your risk analysis will influence, amongst other things, your security plan. To arrive at this plan, you must prioritize security measures needed (taking into account your top business priorities) that need to be established in order to have an implementation plan that can be approved by management.