Here are the essential elements in this case:
Secure the corporate environment using a set of firewalls.
Set up a DMZ segment and place publicly accessible servers and services in that segment.
Secure customer communications using any of the means discussed in Chapter 2. (This can include using public encryption algorithms and digital certificates for authentication purposes.)
Plan, test, and implement a disaster recovery procedure, including tape backups.
Ensure that the information stored on the backup tapes in-house and offsite is accessible only to authorized and cleared personnel, and ensure that security guidelines are honored.
Secure the server room and communication patch panels, ...