Much of the focus in network security centers upon measures in preventing networ

Much of the focus in network security centers upon measures in preventing network intrusions and handling security events. There is also a growing debate about what proactive measures an organization should take. From a practical matter, what could some of these practical measures against a probable attacker?? Also, to what extent should these measures go?