Organizational Security Policy should be in place, followed, audited, drill test.

System should clearly speak about : Identity Management, Patch Management, Backup Management, Virus, Antispyware softwares should be in place and updated regularly. For a large Information Based Organisation DMZ setup.

Secure your information infrastructure, and conduct vulnerability test.