Despite all the recent advances in security technologies and a barrage of new products, most organizations are only slightly more secure than they were 4 or 5 years ago. While companies are running to the latest security technology, they are missing the understanding of the whys and hows of security on a macro level. This book bridges that gap. If you work in a medium to large firm and need to develop a comprehensive security plan for your company, you need to understand how these technologies and products fit into the big picture. You need to be able to make decisions about which technologies to select and where/how they should be deployed in a cost efficient manner. The first half of the book breaks down security decisions into a set of simple rules that allow one to analyze a security problem and make decisions in almost any environment. The second half of the book applies the rules to making decisions about a security plan for the entire enterprise covering perimeter/firewall security, application security, system and hardware security as well as on-going security measures such as recurring audits, logging and monitoring, and incident response. Day also includes sections on choosing between open source and proprietary security options; wired, wireless, and VPNs; and an entire section devoted to risk assessment.