When one thinks about security, one should think about the little things that have to be done.
Patching systems, rebooting.
patching all the applications.
checking the Access control Lists for new apps and ports.
ensuring the web apps are checked not just for bugs, but insecurities.
And finally test – and check for open and incorrect configurations