This talk focuses on how an organization should think about managing a network with the fundamental assumption that Internet-facing networks (business networks) are already compromised. This is a talk about how to drive that assumption into decision making. For example, how to best architect access, credential management, rule libraries, and access control.