You are tasked with improving the security posture of an existing system. What would your plan look like?