Many companies consider initiatives like risk analysis and information classification, which tie protection measures to business need, to be too expensive and unwarranted. They instead look to information technology support organizations to identify the information that should be protected, the...