1. Conduct a risk assessment of your organization's networks. Some information may be confidential, so report what you can.
2. Investigate and report on the activities of CERT (the Computer Emergency Response Team).
3. Investigate the capabilities and costs of a disaster recovery service.
4. Investigate the capabilities and costs of a firewall.