I recently took a new role at a company who has very little in the form of existing IT infrastructure and best practices. My goal is to bring them up to at least a good baseline all around. Some of my goals are the following:

Inventory Management

Ticketing System

Redundancy - UPS, ISP failover, Backups etc.

Better Password Practices - Maybe 2 Factor

Mobile Device Tracking -Laptops and Phones

Malware Protection and Firewalls

VPN tunnels from remote sites

Can anyone make any suggestions on other items I should implement to improve security that I may be missing? Improving security was one of their biggest goals when hiring me on and I want to be sure to balance security with availability.

Thanks in advance.