Security from Scratch ... How to Achieve It

If you find yourself in a situation where you're working for a company that has put together an IT infrastructure and the only real concerns have been functionality and performance, then this document is aimed as a guideline for starting off an information security culture. This will be achieved through policies and the use of various tools to analyze your systems and network - the end result should be a series of reports you can present on the current state of security in your company and a roadmap built on that to improve it based on a risk analysis.