http://blogs.technet.com/steve_lamb/archive/2007/12/17/where-to-start-with-effective-security-how-to-reduce-your-risk.aspxEffective security is all about risk. Measure it. Decide which risks you are uncomfortable with and take steps to mitigate them. It's also about People AND Processes - technological controls alone will not give you Effective Security. Scott Culp's 10en-GBCommunityServer 2.1 SP1 (Build: 61025.2)