Most companies prefer the "top-down" organizational approach when dealing with technology and security within their network. It makes sense, if the organization can develop substantial security policies, and find a way to successfully follow through with implementation of the policy.
The link above will retrieve for you a white paper that I wrote in the Fall of 2005 using a fictional network diagram to discuss the technologies and concepts an information technology manager must address to successfully implement a comprehensive security policy.
In researching, writing and presenting this white paper, I learned about corporate security models, and how to manage the living document that is the security policy. Maintaining security is never complete. Training and research must be continually conducted to assure the highest possible level of security within a network. In the long run, this will save many man hours and potentially millions of dollars of damage in the form of compromised data, or organizational restructuring.