This report explores the foundations of network security, devising a security policy for a fictional company that engages industry frameworks for best practise to discover and mitigate risk. Internal and external threats are both identified, deploying a range of network infrastructure practises to provide a level of safety whilst balancing operational requirements.