Perform a risk analysis.

  • Determine what you are trying to protect.
  • Assess your network bandwidth and your CPU cycles, or disk space.

Perform a cost analysis. Include:

  • cost of initial setup
  • project planning
  • ongoing administration

Consider the costs of having no security. For example, determine how much it would cost to have your network down for one week, two weeks, and for more than two weeks.