I agree about the need for regular network security audits. What I think is as important is a rethink of the existing network security policy.

The last time the department network security policy was looked was when a fast talking consultant dumped a colorful network security policy binder on your boss's desk (where it still resides,unopened!)

I think we needed to re look at the network security policy, adapt to industry changes and communicate better to developers on network security policy.

Gary
http://www.data-recovery-reviews.com/internetnetwork-security-policy.htm