We have a single building location with a firewall, web filter and email filter (as SMTP gateway) Exchange email server and Citrix server for remote users via citrix secura gateway. Domain password policy is set to 90 days for most users and we outsource the web hosting.
We are now reviewing our security polices and I am looking for the best practices advices.
1. how to increase security for key users who has no password expiration without creating a problem for them to remember each time new password ( some password management tools)
2. how to bief up security for exchange when using exchange anywhere and iphones, laptops etc.
3. how to bief perimeter security
i 10+ year of experience and only looking for an expert advice