Yep. This. Couldn't agree more. I went to a BSides talk years ago titled "Does DoD Level Security Apply to the Real World?" ~ In summary, Yes.
The premise of the talk, as I understood it, was that too many small operations or "mom and pop" shops think that they do not need "Department of Defense" level security, because they're a small general store, not Fort Knox. That's a misconception. "DoD Level Security" doesn't mean that you protect your place like the NOC list in Mission Impossible; it means that you are proactive in thinking about your threat model and assessing the value of your assets. If, after proactively thinking it through, you're still comfortable with just a cheap padlock and no alarm system, then you've applied "DoD Level Security" (or something like it).