@ joshmobile:
It sounds as if you have inherited the proverbial can of worms?
I guess the way to go is:
1. Determine a Security Policy. Here, you look at who needs what to do their jobs. The secret is to give them exactly that... no more, no less.
2. Determine an Authorised Usage Policy that supports your Security Policy.
3. Look at your software and hardware solution options to implement and monitor #1 and #2. You have lots of good stuff above.
I don't know your precise environment, but I will suggest that you look at a few more ideas that were not fully developed earlier in this thread.
1. Beware the dreaded laptop. You need to look at those very carefully, particularly as they tend to be issued to relatively senior and trusted personnel. I would personally require that if they are taken offsite they be audited and scanned on their return, and before they can access your network. IME senior management frequently have offspring that have bred true to type.
2. NO! absolutely NO! P2P... not never, notime!
3. Content/IP filtering... if they really need those sites, let them come and ask. Foxy~ was getting at that with his comments on "really required".
4. Try to resist wireless until you are happy you can secure yourself as well as you can against USB devices.
5. Proxies?... reading your personal e-mail at work? I don't think so?
6. Social Interfacing (read "engineering" for that)... nope.
7. Mail attachments can be an issue... maybe some people need them... look for a system that quarantines them so the recipient has to come and ask... that is a great deterrent.
Just a few thoughts to be going on with...







