Now that the hard — or at least technical — stuff is over with, it's time to pull everything together, fix what's broken, and establish some good information security practices to move forward with.
First, this part covers reporting the security vulnerabilities you discover to help get management buy-in and hopefully more budget to make things right. This part then covers some good practices for plugging the various security holes within your systems and patching everything up to keep from being attacked. Finally, this part covers what it takes to manage change within your security systems for long-term success, including outsourcing ethical hacking so you can add even more projects to your overflowing plate! That's what working in IT and compliance is all about anyway, right?