There are various kinds of security threats that enterprise IT systems must face and implement security controls to mitigate them. Different threats must be treated with different security countermeasures. Refer to the below diagram, the information assets at the hosts are presumed to be the most important to protect. Internet hackers, internal abuse, mis-operations and other threats resources must be taken into considertation when designing a defense-in-depth security system. Host based access control, audit, IDS, firewalls, and the central security management software are what you can make use of. The challenge is to balance the security investment and the outcome. So you’d better to take a risk assessment to quantify the security risk and corresponding distribution, associated with the assets, line of business and etc.