I have implemented firewalls and anti-virus, are these the main security tools I need?
Certainly firewall and anti virus tools are very important security tools for business organisations, but we need to be clear about what they really do. Firewalls are primarily an network access control technology and one way of looking at this is to think about the postal system and how we address envelopes in the post, in this analogy, a firewall would look at how the envelope is addressed and make a decision on whether or not it should deliver the envelope, it doesn't necessarily look at what's inside the envelope. This is an important function in today's networks, its particularly important that you should set restrictions on who should access your network but its just as important that you look at the content of the 'envelope'.
Antivirus tools are also very important for organisations, they assist them in defending there servers and desktops against attack by malicious software like viruses, Trojans and worms etc. which can affect the availability and the stability of machines and cause them to fall over and prevent data being stolen from those systems, AV systems whilst they help to prevent things they tend to very much focused on cleaning up after the event.
As long as you're clear about what the tools do, they are important tools but not every organisations security challenges are going to be solved by managing network access control and defending against malicious software so an organisation really needs to take a risk based approach at looking at what security tools they need.