Providing appropriate security in the ever changing environment is a challenge. To help yourself you need to establish a 'frame of reference' against which you can assess your current state, plan progress and understand the effect of change.

There are many alternative approaches/view as to what this 'frame of reference'  might be or look like. In the majority of cases these tend to be incomplete either in themselves or in their implementation.

I dont profess to have the full answer but believe that I provide a reasonable alternative on this site.