As information security professionals, we wage a battle every day against an unseen foe. This article discusses just how the battle plans should be drawn. It gives you an understanding of why IT security is not only an ongoing effort, but takes much more effort and resources than most companies or executives are willing to admit. Security is a tactical effort that takes planning, strategy, practice, and an ongoing review and maintenance process. It is an issue of whether or not to hire an outside firm to monitor your systems and review logs and still being able to take care of problems internally without negative impact to financial performance or reputation. Also at issue is knowing when to call in outside help when the problem gets too big for your resources to handle. The author presents a problem and potential understanding that whether you outsource or insource, you will have the same problems; and that planning, procedures, development, testing, and deployment are all critical and ongoing issues for any company's security model.