We are in the process of installing security in our organization.

I have made some of the priorities. Could you please confirm if I am missing something on security side.

Physical Security

CCTV

Web Security

https

Patches for all

Layer 3 Protection

VPN IPSEC
Zoned based firewall or CBAC
Routing Protocol Authentication
ACL
Certificates
Spam Filter
AAA with radius or tacacs
PC Firewall
DNS Security
ESA
WSA
AMP
ip source guard
key chain encryption between protocols

Firewall divided into zones protecting the servers

Antivirus
Account policies on AD,
Certificates,
NAT
Access Rules
Access lists
Group Policies

VWWare inbuild IPS

Layer 2 Protection

Switches protecting workstations

DHCP Snooping
Root Guard
ARP Inspection
VLANs
Disable CDP
dot1x802

Wireless Security

WLAN
Encryption

Monthly inspection of vulnerability assessment and penetration testing
or cybersecurity services company to monitor vulnerabilities