Best Practices for Permissions/Security

So I'm getting ready to dive into SP and stop testing around with it. That said, the one thing I feel like I'm missing in all the reading I've done is a best practice for managing groups and users.

My environment:

MOSS 07/WSS 3.0

I've got what is essentially an intranet that I've given anonymous access to all internal users. The intranet will consist of Home, Human Resources, Accounting, etc. From there each business unit will have a home page that is a subsite of the intranet home (for example the IT Home Page). What I want to do is have that IT Home Page be publicly accessible but have some of the document libraries, lists (calendar, etc) to be secure and only accessible by the it_members group, with admin rights by the it manager.

That is kind of what I'm looking to do. I'm open to comments and thoughts. Like I said I'm looking for best practice, so I might be way off.

Thanks,

Micah

Thanks again for your comments Curtis.

So with this way of going about it, you would have far fewer groups to manage. Basically just the three default groups that come with WSS.

I could still 'connect' them all by using the top-level, top link bar options in site settings to add buttons to a departments 'home page'. Then within the seperate collection have permission based subsites with secure info rather then jackin' with securing lists and libraries.

Are there any negatives to going this route Searching across collections works, correct

Curtis,

I don't see this option in site actions...Modify All Sites.

Thanks