Comment Re:Holistic (Score 4, Insightful) 67
It all comes down to proper design and the ability to say "NO".
Security cannot be retrofitted to a badly designed system.
The person who can demand that you support X in Y configuration NO MATTER WHAT is the person who controls your security. No matter what his/her knowledge level is.
Next, understand that you will (eventually) be cracked. Someone somewhere will make some mistake just long enough. MONITOR for that. KNOW what the regular traffic on your network looks like. PLAN for what you are going to do WHEN that happens.