01 Critical Services

Define your critical services

Define Damage / Risk classes for those services

Get the right literature for this

(Germans: Start with the "Grundschutz Handbuch", but don't take it as a dogma)

I once did the Grundschutz - Audit for my old balcony that was crammed with computers. A good practice to learn where I had neglegted best practices etc.