What security issues must be taken into consideration with regard to an organization’s hardware?

That depends on the organization -- what is the organization? public? private? for-profit? non-profit?

Who uses the organization's computers? For what reasons? Will some users be able to read only, and others able to add and change data?

You have lots and lots of thinking to do before you can decide on what your answer to this question will be.