I. Goal II. Current status of the enterprise's network system III. Risk Assessment Process 1. Determine the Scope of the Risk Assessment 2. Threat and Vulnerability Identification 3. Analyze Risks and Determine Potential Impact 4. Reconstructing system and giving solutions a. Host Security b. Network Security c. Identity Security d. App Security e. Database Security f. Database Firewall g. Server Firewall h. Physical Security IV. Policy development 1. Network policy 2. SIEM policy 3. SOAR policy 4. Firewall policy 5. Database policy 6. Backup & Recovery policy 7. Personal management policy 8. Physical security policy V. Conclusion