When looking at an organization's security needs, you should begin with any existing security policies or procedures that the organization might already have in place. We started this chapter with an in-depth examination of how to analyze a company's business requirements for network and data security. This included looking at these existing security policies and procedures, either to incorporate them into a new security design, or to determine the kinds of changes they would need to work within a Windows Server 2003 network. Examining existing security policies extends to technical measures like analyzing security requirements for different types of data, since some kinds of data might be subject to specific security or retention policies, and some datais simply more mission-critical or sensitive than others. We also looked at administrative procedures such as being able to balance security and usability for users on a network, along with raising security awareness to better involve your user base in the security process. As a network administrator, you will need to balance the human and the technical in order to create the best security design for your organization.