This is a good article by Ray Pompon. Having spoken to many organisations over the years, I can probably count on one hand the number who believed their networks had NOT been compromised. For those out there who still have that mindset, I suggest you read this article.
1. The Assume Breach mindset
2. Pick your battles
4. Global visibility and rapid response
Assume the bad guys will get in (because they will), so make sure they can only get to the stuff you don’t care as much about. Segregate the important things with the assumption that the barbarians will be at the gate, even if the gate is inside your own network. Watch for enemies within and without, while being ready to respond calmly and totally at a moment’s notice. This is living with the Assume Breach mindset.